Previously harmless Google API keys now expose Gemini AI data

Google API keys for services like Maps embedded in accessible client-side code could be used to authenticate to the Gemini AI ...
Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...
InfoWorld

The browser is your database: Local-first comes of age

The thick client is making a comeback. Here’s how next-generation local databases like PGlite and RxDB are bringing ...
InfoWorld

Three web security blind spots in mobile DevSecOps pipelines

Mobile platforms operate under fundamentally different trust assumptions than we relied on for web security. Your mobile ...
9to5Google

Google details MCP-like ‘AppFunctions’ that let Gemini use Android apps

Following the Gemini automation announcement today, Google is detailing how all this works under the hood on Android.
The Hacker News

⚡ Weekly Recap: Double-Tap Skimmers, PromptSpy AI, 30Tbps DDoS, Docker Malware & More

Zero-day exploits, AI-driven Android malware, firmware backdoors, password manager trust gaps, rising DDoS define this week’s critical cyber threats.