The Next Web

A popular OpenAI Codex tool with 29,000 weekly downloads has been quietly stealing developer tokens for a month

The codexui-android npm package silently exfiltrated OpenAI Codex auth tokens to an attacker server for a month, affecting 29,000 weekly downloads.
Android

Infostealer Malware Sneaks into Popular Codex UI Tool After One Month of Building Trust

Cybersecurity researchers at Aikido Security have uncovered a malicious supply chain attack targeting OpenAI Codex developers via the npm package “codexui-android”. While the associated GitHub ...

Fake Claude Code Installers Deliver Credential-Stealing Malware

Fake Claude Code install sites are pushing malware that steals API keys, developer credentials, crypto wallets, and other ...
Dark Reading

Google API Keys Remain Active After Deletion

Google API keys aren't completely inactive after users delete them, giving attackers a small but significant window to continue abusing them. Joe Leon, researcher at Belgian startup Aikido Security, ...
TechCrunch

US cyber agency CISA exposed reams of passwords and cloud keys to the open web

U.S. cybersecurity agency CISA may have escaped a sizable security breach, thanks to a good-faith security researcher who identified publicly exposed credentials that allowed access to government ...
PCGamesN

Get a free Steam key for Invincible VS, the new fighting game based on the hit Amazon Prime series

What if Superman was a bad guy? That's not exactly an original question, but Invincible is one of the most interesting ideas born from the 'superhero gone bad' premise. Full of violence, guts, and ...
Rolling Stone

The Black Keys Dig Deep Into Their Record Collection and Find Plenty of Gold

The past couple of Black Keys records have seen the Akron, Ohio, arena-garage blues-rock duo stretch out of their comfort zone a little. Their 2024 Ohio Players brought on collaborators like Beck, Dan ...
Infosecurity-magazine.com

Google API Keys Quietly Gain Access to Gemini on Android Devices

A flaw in Google's API key system has reportedly exposed mobile applications to unintended access to its Gemini AI platform. According to a CloudSEK advisory published on April 8, the issue affects ...
GitHub

A practical guide to the Steamworks Web API covering sales data, wishlist reporting, reviews, player counts, achievements and partner endpoints. Focused on real-world usage ...

You shipped your game on Steam. Congrats! Now you need data: how many people are playing, what are they saying in reviews, how are sales going, where are your wishlists coming from. You open Steam's ...
techtimes

API Key Leak Exposes AWS, Stripe, OpenAI Credentials Across Thousands of Sites

A large-scale cybersecurity study has revealed a serious global web security issue involving exposed API credentials tied to major platforms, including Amazon Web Services, Stripe, and OpenAI. After ...
Digital Trends

A simple coding mistake is exposing API keys across thousands of websites

After analyzing 10 million webpages, researchers have found thousands of websites accidentally exposing sensitive API credentials, including keys linked to major services like Amazon Web Services, ...