The Hacker News

Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys

Attackers are exploiting CVE-2026-4020 in Gravity SMTP to leak API keys, OAuth tokens, and system data from WordPress sites.
The Next Web

Hackers are mass-exploiting a Gravity SMTP flaw to steal API keys from 100,000 WordPress sites

Wordfence has blocked 17M+ exploit attempts targeting a Gravity SMTP bug that leaks API keys, OAuth tokens, and full system reports without authentication.
The Hacker News

Malicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot Chats

Researchers found 15 malicious JetBrains plugins posing as AI coding tools that exfiltrate OpenAI, DeepSeek, and SiliconFlow ...
CSO Online

Security considerations for adopting Claude Code and Cowork for SMBs

If your SMB is adopting Claude, roll out features gradually and protect your API keys, because you cannot outsource your ...

Multiple plugins for JetBrains IDEs steal API keys for OpenAI, DeepSeek & Co.

At least 15 plug-ins for JetBrains IDEs transmit API keys to an external server, while otherwise offering their promised ...

Copilot searched your mailbox. LiteLLM handed out admin keys. Run this 5-check audit before your stack is next

SearchLeak and a three-CVE LiteLLM chain broke the same AI trust boundary in two weeks. A 5-check audit maps each gap to a ...

Google Bug Hunter Claims $500K From AI-Assisted Vulnerability Pipeline

A researcher claims an AI-assisted pipeline helped earn $500,000 in Google bug bounty payouts, raising API security and ...

Linx Security Integrates with Claude Compliance API to Bring Identity Governance to Enterprise AI

Linx Security, the AI-native identity security and governance platform built for the era of hybrid workforce — humans, AI ...

Why AI agents could create a new control and security crisis

Abhinav: The technology is advancing quickly. One important development is the adoption of the Model Context Protocol (MCP) ...
Rutland Herald

Perfect Corp. Launches Industry’s Most Comprehensive AI Hair & Beard API Suite, Combining Virtual Try-On with Intelligent Hair Analysis

Perfect Corp. (NYSE: PERF), the global leader in AI and augmented reality (AR) beauty technology, today announced the ...
CSO Online

Governing the ghost workforce

Every enterprise security team is fighting a workforce problem they cannot see on any org chart. Bots, service accounts, API ...

MiniMax-M3 debuts, eclipsing GPT-5.5 and Gemini 3.1 Pro on key benchmark performance for just 5-10% of the cost

M3 demonstrates that the next phase of agent development will not just be driven by larger datasets, but by efficient ...