Previously harmless Google API keys now expose Gemini AI data

Google API keys for services like Maps embedded in accessible client-side code could be used to authenticate to the Gemini AI ...
The Hacker News

Malicious StripeApi NuGet Package Mimicked Official Library and Stole API Tokens

Malicious StripeApi.Net package on NuGet mimicked Stripe.net, logged 180,000 downloads, and stole Stripe API tokens before removal.

Why The OpenClaw Acquisition Is A Surprising Win For Small Business ROI

OpenAI's OpenClaw acquisition brings enterprise-grade security to agentic AI. Small businesses can now automate high-stakes ...
ZDNet

Massive 31.4 Tbps DDoS attack breaks records: How the 'apex' of botnets could be weaponizing your home devices

Aisuru smashed previous records with a 31.4 Tbps DDoS attack. It appeared to have focused on telecommunications providers. Seemingly safe and small devices can be weaponized for massive cyberattacks.

Google Ships WebMCP, The Browser-Based Backbone For The Agentic Web

Google ships WebMCP protocol, letting websites expose structured functions to AI agents and reducing computational overhead ...

Alchemy introduces autonomous payment rails for AI agents on Base

Alchemy unveiled a system enabling AI agents to autonomously pay for and access blockchain data using USDC on Base, as agent adoption expands across crypto platforms.

AI platforms can be abused for stealthy malware communication

AI assistants like Grok and Microsoft Copilot with web browsing and URL-fetching capabilities can be abused to intermediate command-and-control (C2) activity.
Network World

SSHStalker botnet brute-forces its way onto 7,000 Linux machines

A newly discovered botnet is compromising poorly-protected Linux servers by brute-forcing weak SSH password login authentication. Researchers at Canada-based Flare Systems, who discovered the botnet, ...

Claude Sonnet 4.6 delivers frontier-level AI for free and cheap-seat users

Claude Sonnet 4.6 delivers frontier-level AI for free and cheap-seat users ...