InfoWorld

Open source maintainers are being targeted by AI agent as part of ‘reputation farming’

“Once contribution and reputation building can be automated, the attack surface moves from the code to the governance process around it. Projects that rely on informal trust and maintainer intuition ...

Previously harmless Google API keys now expose Gemini AI data

Google API keys for services like Maps embedded in accessible client-side code could be used to authenticate to the Gemini AI ...
Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...
InfoWorld

WebMCP API extends web apps to AI agents

W3C proposal backed by Google and Microsoft allows developers to expose client-side JavaScript tools to AI agents, enabling ...

What 5 Million Apps Revealed About Secrets in JavaScript

Leaked API keys are nothing new, but the scale of the problem in front-end code has been largely a mystery - until now. Intruder's research team built a new secrets detection method and scanned 5 ...
The Hacker News

ThreatsDay Bulletin: OpenSSL RCE, Foxit 0-Days, Copilot Leak, AI Password Flaws & 20+ Stories

ThreatsDay Bulletin tracks active exploits, phishing waves, AI risks, major flaws, and cybercrime crackdowns shaping this week’s threat landscape.

The real story behind the 53% drop in SaaS AI traffic

AI traffic isn’t collapsing — it’s concentrating. Copilot surges in-workflow, 41% lands on search pages, and Q4 follows budget cycles.
GitHub

Y Combinator companies API

Y Combinator companies API This repository contains an unofficial API for Y Combinator companies fetched from the Y Combinator website's Algolia search index. It only includes publicly launched ...