The Hacker News

Malicious StripeApi NuGet Package Mimicked Official Library and Stole API Tokens

Malicious StripeApi.Net package on NuGet mimicked Stripe.net, logged 180,000 downloads, and stole Stripe API tokens before removal.
The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...
Cloud Security Alliance

Token Sprawl in the Age of AI

Explore how AI accelerates token sprawl, why legacy IAM struggles, and practical steps to shrink non-human identity risk.
Infosecurity-magazine.com

Thousands of Publicly Exposed API Tokens Could Threaten Software Integrity

Thousands of publicly exposed, active application programming interface (API) tokens have been spotted across the web that could threaten software integrity and allow bad actors to access confidential ...
InfoWorld

Public package repos expose thousands of API security tokens—and they’re active

JFrog’s new Xray Secrets Detection uncovered active access tokens in popular open-source software registries including Docker, npm, and PyPI. Here are our findings and takeaways. As part of the ...
Bleeping Computer

GitHub can now auto-block commits containing API keys, auth tokens

GitHub has announced on Monday that it expanded its code hosting platform's secrets scanning capabilities for GitHub Advanced Security customers to block secret leaks automatically. Secret scanning is ...
Stark Insider

7 Ways to Stop Bleeding Money on AI API Calls

AI API calls are expensive. After our always-on bot burned through tokens, we found seven optimization levers that cut costs by 45-50% without sacrificing output quality.