Developer Tech

Check Point: AI coding assistants are leaking API keys

Check Point researchers have found that popular AI coding assistants are unintentionally leaking sensitive internal data, ...
The Hacker News

Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens

Self-propagating npm worm steals tokens via postinstall hooks, impacting six packages and expanding supply chain attacks.

Talking to AI agents is one thing — what about when they talk to each other? New startup Band debuts 'universal orchestrator'

Already, BAND's early users — and enterprises more broadly — are mixing and matching AI agents powered by models from various ...
Security Boulevard

Attacking the MCP Trust Boundary

Every secure API draws a line between code and data. HTTP separates headers from bodies. SQL has prepared statements. Even email distinguishes the envelope from the message. The Model Context Protocol ...

The MCP Disclosure Is the AI Era’s ‘Open Redirect’ Moment

The MCP flaw reveals a systemic AI security gap, exposing enterprise systems to supply chain attacks and forcing a shift ...

Vercel breach exposes the OAuth gap most security teams cannot detect, scope or contain

A Vercel employee's AI tool OAuth grant gave attackers access to internal systems via a four-hop kill chain. Here's what ...

Security study finds thousands of API credentials exposed on the web for years

Researchers scan 10 million websites and uncover thousands of exposed API keys quietly granting access to cloud systems and critical infrastructure ...
TechJuice

Hackers Claim 4TB of Mercor Data Including Source Code and API Keys

Six months after raising $350 million at a $10 billion valuation, AI startup Mercor is dealing with the consequences of a ...

MCP Code Mode: How Bifrost Cuts Token Usage by 50%

Bifrost stands out as the leading MCP gateway in 2026, pairing native Model Context Protocol support with Code Mode to cut ...
Dark Reading

Critical MCP Integration Flaw Puts NGINX at Risk

Attackers can abuse the near-maximum severity flaw in nginx-ui to restart, create, modify, and delete NGINX configuration ...

Company insiders help hackers in South Africa

Thalia Pillay, CEO of South African fraud prevention provider Orca Fraud said that there is almost always an insider threat ...
The Guardian Nigeria

Election data at risk as hackers hold govt agencies, banks to ransom

A sophisticated wave of ransomware attacks has remained a threat to Nigerian government agencies and tier-1 financial ...