Roughly 12,000 hardcoded live API keys and passwords were found on Common Crawl, a large dataset used to train LLMs such as DeepSeek.Security pros say hardcoded credentials are dangerous because hackers can more easily exploit them to gain access to sensitive data, systems, and networks. The threat actor in this case practiced LLMJacking, in which cybercriminals … Read more
Feb 13, 2025Ravie LakshmananMalware / Cyber Espionage Threat hunters have shed light on a new campaign targeting the foreign ministry of an unnamed South American nation with bespoke malware capable of granting remote access to infected hosts. The activity, detected in November 2024, has been attributed by Elastic Security Labs to a threat cluster it … Read more
Feb 01, 2025Ravie LakshmananVulnerability / Zero-Day BeyondTrust has revealed it completed an investigation into a recent cybersecurity incident that targeted some of the company’s Remote Support SaaS instances by making use of a compromised API key. The company said the breach involved 17 Remote Support SaaS customers and that the API key was used to … Read more
AI-enhanced cyberattacks are the No. 1 concern for application programming interface (API) defenders, according to a survey by Kong published Tuesday. The survey of 700 IT leaders found that 32% of respondents ranked AI-enhanced attacks as the biggest API security threat to their organization, more than unauthorized access or breaches at 26% and insufficient encryption … Read more
Elon Musk’s X appears to be adding yet another fee for third party apps, according to an affected app developer. After acquiring then-Twitter, Musk made big sweeping changes to the platform’s API, which allows third-party developers to integrate X into their platforms. The biggest change? Charging thousands of dollars just to access X’s API, which … Read more
