The Hacker News

Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets

Malicious Sicoob.Sdk stole PFX certificates and client IDs via NuGet downloads, enabling API impersonation and payment abuse risks.
Tech Times

GitHub CISO Names Nx Console as Root of 3,800-Repo Breach: OpenAI, Grafana Also Hit

GitHub CISO Alexis Wales confirmed Thursday that a poisoned build of the Nx Console Visual Studio Code extension — live on ...
Finextra

FedNow strengthens instant payments security with new API tool

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community. On April 28, early adopters will be able to access historical ...
webtv.un.org

Peace and Security

A changing world demands a resilient response. The United Nations employs a diverse range of mechanisms and tools to prevent conflict, foster people-centered, peaceful resolutions, and build ...
CSOonline

APIs are the new perimeter: Here’s how CISOs are securing them

Today’s attack surface is shifting from the endpoint to the API, and AI and third-party SaaS are worsening the issue. CISOs offer advice for API defense. Recent breaches suggest attackers are shifting ...
Visual Studio Magazine

Building Secure and Scalable APIs in .NET 8

APIs serve as the backbone of modern applications, enabling diverse systems to communicate and exchange data seamlessly. Whether you are building desktop apps, mobile apps, or SPAs for the web, nearly ...
Bleeping Computer

Previously harmless Google API keys now expose Gemini AI data

Google API keys for services like Maps embedded in accessible client-side code could be used to authenticate to the Gemini AI assistant and access private data. Researchers found nearly 3,000 such ...
VentureBeat

OpenClaw proves agentic AI works. It also proves your security model doesn't. 180,000 developers just made that your problem.

OpenClaw, the open-source AI assistant formerly known as Clawdbot and then Moltbot, crossed 180,000 GitHub stars and drew 2 million visitors in a single week, according to creator Peter Steinberger.
CSOonline

Hidden API in Comet AI browser raises security red flags for enterprises

SquareX has disclosed a previously undocumented API within the Comet AI browser that allows its embedded extensions to execute arbitrary commands and launch applications — capabilities mainstream ...
Bleeping Computer

Microsoft: SesameOp malware abuses OpenAI Assistants API in attacks

Microsoft security researchers have discovered a new backdoor malware that uses the OpenAI Assistants API as a covert command-and-control channel. The company's Detection and Response Team (DART) ...
The Verge

Microsoft’s plan to fix the web with AI has already hit an embarrassing security flaw

This latest security issue highlights the challenges of security in an AI era. This latest security issue highlights the challenges of security in an AI era. is a senior correspondent and author of ...