Security Boulevard

How a Long-Lived API Credential Let an AI Agent Delete Production Data

What began as a routine staging task for a SaaS startup ended in a disaster that  would have been unthinkable just months ago: an AI agent operating as a super insider threat and triggering a ...
Bleeping Computer

Google: Malware abusing API is standard token theft, not an API issue

Google is downplaying reports of malware abusing an undocumented Google Chrome API to generate new authentication cookies when previously stolen ones have expired. In late November 2023, ...
Bleeping Computer

Twitter is warning devs that API keys and tokens may have leaked

Twitter is emailing developers stating that their API keys, access tokens, and access token secrets may have been exposed in a browser's cache. In an email seen by BleepingComputer, Twitter explains ...
The Financial Express

‘AI Agent just destroyed our production data and confessed in writing’, founder rings alarm bells

PocketOS founder Jer Crane revealed that an AI agent powered by Anthropic’s Claude Opus 4.6 wiped out his company’s ...
Infosecurity-magazine.com

Thousands of Publicly Exposed API Tokens Could Threaten Software Integrity

Thousands of publicly exposed, active application programming interface (API) tokens have been spotted across the web that could threaten software integrity and allow bad actors to access confidential ...

Anthropic squeezes enterprises by ejecting bundled tokens from seat deal

Anthropic offers three individual subscription tiers (Free, Pro at $20 per month, and Max at $100 or $200 per month), a Team tier for small organizations ($25 per month or $125 per month), and an ...
InfoWorld

Public package repos expose thousands of API security tokens—and they’re active

JFrog’s new Xray Secrets Detection uncovered active access tokens in popular open-source software registries including Docker, npm, and PyPI. Here are our findings and takeaways. As part of the ...