Infosecurity Magazine

Cursor Extension Flaw Exposes Developer API Keys

Cursor flaw lets extensions steal API keys and session tokens without user interaction, according to researchers at LayerX ...

ClickUp Data Leak Exposes Enterprise Emails for Over a Year

A hardcoded ClickUp API key exposed hundreds of corporate and government emails for over a year, raising new SaaS security ...

Hackers are exploiting a critical LiteLLM pre-auth SQLi flaw

Hackers are targeting sensitive information stored in the LiteLLM open-source large-language model (LLM) gateway by ...
TechJuice

This Popular AI Tool Was Hacked in Just 36 Hours (Here’s What Attackers Stole)

A critical pre-authentication SQL injection vulnerability in BerriAI’s LiteLLM Python package came under active exploitation ...
Security Boulevard

API Keys vs. JWTs: Choosing the Right Auth Method for Your API

A developer needs to connect a service to an API. The documentation says to generate an API key, store it in an environment variable and pass it in a header. Five minutes later, the integration works.
GIGAZINE

The API key that Google had announced as 'OK to publish' is also the Gemini authentication key, so there are a lot of websites that are leaking personal information

Google has stated that API keys for services like Firebase and Google Maps are 'safe to share,' but Truffle Security has discovered that the same keys can be used to access Gemini, the administrator's ...
Infosecurity-magazine.com

The Growing Threat of Broken Authentication Attacks on APIs

Application programming interfaces (APIs) are integral to the functionality of the internet today. By enabling communications between programs, they make many processes more efficient and convenient, ...
GIGAZINE

Anthropic officially bans third-party subscription authentication

As a result, developers building products or services that integrate with Claude's features, including the Agent SDK, must use API key authentication through the Claude Console or a supported cloud ...