282 iOS AI Apps Leak API Keys and Open AI Proxy Access in Network Traffic Study
Researchers tested 444 AI chatbot apps for iPhone and found that 282 of them, nearly two-thirds, exposed paid AI access through their network traffic
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Researchers tested 444 AI chatbot apps for iPhone and found that 282 of them, nearly two-thirds, exposed paid AI access through their network traffic
Researchers say Schemata’s platform exposed names, emails, base assignments, and course materials before the company patched the issue and contacted government authorities. The post A DOD contractor’s API flaw exposed military course data and service member records appeared first on CyberScoop.
Probably not an isolated incident only as researchers have already found 2,863 live API keys exposed A developer says their company is on the hook for more than $82,000 in unauthorized charges after a stolen Google Gemini API key racked massive usage costs up in just 48 hours.…
New research has found that Google Cloud API keys, typically designated as project identifiers for billing purposes, could be abused to authenticate to sensitive Gemini endpoints and access private data
Database Misconfiguration Exposed 1.5 million API TokensA misconfigured database at Moltbook, the viral social network for AI agents, exposed 1.5 million API authentication tokens, 35,000 email addresses and private messages. Security researchers discovered unauthenticated read and write access to all platform data within days of launch.
Cybersecurity researchers have called attention to a "massive campaign" that has systematically targeted cloud native environments to set up malicious infrastructure for follow-on exploitation
Leaked API keys are no longer unusual, nor are the breaches that follow. So why are sensitive tokens still being so easily exposed? To find out, Intruder’s research team looked at what traditional vulnerability scanners actually cover and built a new secrets detection method to address gaps in existing approaches. Applying this at scale by scanning 5 million applications revealed over
Cybersecurity researchers have discovered a variant of a recently disclosed campaign that abuses the TOR network for cryptojacking attacks targeting exposed Docker APIs
CyCognito research finds that a third of education sector APIs, web apps and cloud assets are exposed to attack
Wallarm honeypot research finds potentially exposed APIs are being discovered within half a minute
Cybersecurity researchers are warning that thousands of servers hosting the Prometheus monitoring and alerting toolkit are at risk of information leakage and exposure to denial-of-service (DoS) as well as remote code execution (RCE) attacks
Attacks on unprotected servers reach 'critical level' An unknown attacker is abusing exposed Docker Remote API servers to deploy perfctl cryptomining malware on victims' systems, according to Trend Micro researchers.…
Cybersecurity researchers have uncovered a new malware campaign that targets publicly exposed Docket API endpoints with the aim of delivering cryptocurrency miners and other payloads
Exposed Docker API endpoints over the internet are under assault from a sophisticated cryptojacking campaign called Commando Cat
Researchers at Lasso found 1,500+ tokens in total that gave them varying levels of access to LLM repositories at Google, Microsoft, VMware, and some 720 other organizations.
With more than 1,500 tokens exposed, research highlights importance of securing supply chains in AI and ML The API tokens of tech giants Meta, Microsoft, Google, VMware, and more have been found exposed on Hugging Face, opening them up to potential supply chain attacks. …
Researchers found that the private keys and secrets they discovered being exposed within the Docker framework are already being used in the wild.
Cybersecurity researchers have unearthed an attack infrastructure that's being used as part of a "potentially massive campaign" against cloud-native environments
Researchers discovered 1,550 mobile apps leaking Algolia API keys, risking the exposure of sensitive internal services and stored user information. [...]
Security researchers will handle testing on "headless" API endpoints that lack a user interface and are increasingly exposed to attackers.