The Hacker News

Malicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot Chats

Researchers found 15 malicious JetBrains plugins posing as AI coding tools that exfiltrate OpenAI, DeepSeek, and SiliconFlow ...
Developer Tech

JetBrains marketplace malware exposes developer API keys

Security researchers identified a coordinated malware campaign within the JetBrains Marketplace designed to exfiltrate ...
Infosecurity Magazine

Fifteen JetBrains Marketplace Plugins Found Stealing API Keys

Aikido Security found at least 15 integrated development environment (IDE) plugins on the JetBrains Marketplace which had ...
The Hacker News

Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys

Attackers are exploiting CVE-2026-4020 in Gravity SMTP to leak API keys, OAuth tokens, and system data from WordPress sites.
SecurityWeek

Attackers Exploit Gravity SMTP Plugin Flaw to Harvest Valuable WordPress Data

Hackers are exploiting a vulnerability in the Gravity SMTP WordPress plugin to extract configuration data, including API keys ...
Digital Trends

A simple coding mistake is exposing API keys across thousands of websites

After analyzing 10 million webpages, researchers have found thousands of websites accidentally exposing sensitive API credentials, including keys linked to major services like Amazon Web Services, ...
CSO Online

Security considerations for adopting Claude Code and Cowork for SMBs

If your SMB is adopting Claude, roll out features gradually and protect your API keys, because you cannot outsource your ...