A developer needs to connect a service to an API. The documentation says to generate an API key, store it in an environment variable and pass it in a header. Five minutes later, the integration works.

A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts.

Breach tied to compromised AI tool may have exposed credentials used by app frontends, the user-facing layer that connects ...

Check Point researchers have found that popular AI coding assistants are unintentionally leaking sensitive internal data, ...

As AI tokens emerge as a new commodity, China's cost advantage is reshaping global model competition, though monetisation ...

A Linux variant of the GoGra backdoor uses legitimate Microsoft infrastructure, relying on an Outlook inbox for stealthy ...

The main usage metric for artificial intelligence, called tokens, looks explosive on paper, but it may be significantly ...

ShinyHunters is claiming access to a large set of CRM data tied to Cisco, including Salesforce records, AWS assets, and GitHub repositories, and ...

Bifrost stands out as the leading MCP gateway in 2026, pairing native Model Context Protocol support with Code Mode to cut ...

Threat actors can extract Google API keys embedded in Android applications to gain access to Gemini AI endpoints and ...

Today’s attack surface is shifting from the endpoint to the API, and AI and third-party SaaS are worsening the issue. CISOs offer advice for API defense. Recent breaches suggest attackers are shifting ...