InfoQ

AWS Launches Managed Openclaw on Lightsail Amid Critical Security Vulnerabilities

AWS launched managed OpenClaw on Lightsail for AI agent deployment while security concerns mount. The 250k-star GitHub project is affected by CVE-2026-25253, which enables one-click RCE, with 17,500+ ...

AppsFlyer Web SDK used to spread crypto stealer JavaScript code

Malicious JavaScript code delivered by the AppsFlyer Web SDK hijacked cryptocurrency, potentially in a supply-chain attack.
Bitdefender

Leaked Google API keys can unlock Gemini API access and surprise bills

Google Cloud API keys have long appeared in public JavaScript to power Maps, YouTube embeds, analytics and Firebase features. Historically, many teams treated those strings as “ok to expose,” mainly ...
cybernews

Hackers can exploit thousands of exposed Google API keys to access Gemini and steal data

Websites leak Google API keys. Apps leak Google API keys. Even code repositories are full of them. What used to be a nuisance is now letting attackers access your Gemini and sensitive data, security ...
The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

Cybersecurity researchers have disclosed what they say is an active "Shai-Hulud-like" supply chain worm campaign that has leveraged a cluster of at least 19 malicious npm packages to enable credential ...
GitHub

GitHub - fl4nk3r-h/secureP2P-Java: A robust, zero-trust peer-to-peer communication framework built in Java with end-to-end encryption, secure key exchange, and modular network ...

SecureP2P is a peer-to-peer communication system designed with zero-trust security principles. It provides encrypted communication between peers without requiring a central trusted authority. The ...