thecyberexpress

AI-Coded Moltbook Platform Exposes 1.5 Mn API Keys Through Database Misconfiguration

Viral social network “Moltbook” built entirely by artificial intelligence leaked authentication tokens, private messages and user emails through missing security controls in production environment.
testingcatalog

Google Stitch to add API keys and PRD generation for PMs

Google’s Stitch design agent continues to evolve, now offering users the option to create and manage API keys directly within its settings. This approach reflects the system seen in Google AI Studio, ...
Security Boulevard

Stop Leaking API Keys: The Backend for Frontend (BFF) Pattern Explained

TL;DR: Frontend applications (SPAs, mobile apps, desktop clients) cannot securely store secrets: any embedded API key is extractable by users and attackers. The Backend for Frontend (BFF) pattern ...
Cloud Security Alliance

How I Used Free Tools to Resource Jack API Keys

Written by Ashur Kanoon, Technical Product Marketing, Aembit. How much damage could an attacker do with free tools and minimal effort? That’s the question I set out to answer – and the results even ...
The Hacker News

Hackers Deploy Malicious npm Packages to Steal Solana Wallet Keys via Gmail SMTP

Cybersecurity researchers have identified three sets of malicious packages across the npm and Python Package Index (PyPI) repository that come with capabilities to steal data and even delete sensitive ...
The Hacker News

Malicious PyPI Package ‘Fabrice’ Found Stealing AWS Keys from Thousands of Developers

Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) that has racked up thousands of downloads for over three years while stealthily exfiltrating developers ...