Deleted Google API keys keep working for up to 23 minutes, researchers warn 2026-05-22 at 15:08 By Zeljka Zorz Google API keys are credentials that let applications access Google services, from Maps to the Gemini AI. If a key is leaked, an attacker can use it to make API calls, rack up charges, and, if […]
Deleted Google API keys keep working for up to 23 minutes, researchers warn Read More »
TeamPCP strikes again: Backdoored Telnyx PyPI package delivers malware 2026-03-27 at 15:46 By Zeljka Zorz TeamPCP continues is supply chain compromise rampage, with telnyx on PyPI being the latest maliciously modified package. What happened? Telnyx is a widely used software development kit (SDK) for the Telnyx AI Voice Agent service. According to Endor Labs researchers,
TeamPCP strikes again: Backdoored Telnyx PyPI package delivers malware Read More »
LiteLLM PyPI packages compromised in expanding TeamPCP supply chain attacks 2026-03-25 at 14:01 By Zeljka Zorz A slew of supply chain attacks against popular open source tools and packages appears to have been orchestrated by TeamPCP, a cybercriminal group that rose to prominence in late 2025. The latest victim of the group is BerryAI’s popular
LiteLLM PyPI packages compromised in expanding TeamPCP supply chain attacks Read More »
Betterleaks: Open-source secrets scanner 2026-03-19 at 09:02 By Anamarija Pogorelec Secrets scanning has become standard practice across engineering organizations, and Gitleaks has been one of the most widely used tools in that space. The author of that project has now released a new tool called Betterleaks, which is designed to scan git repositories, directories, and
Betterleaks: Open-source secrets scanner Read More »
New infosec products of the month: February 2026 2026-02-27 at 08:18 By Anamarija Pogorelec Here’s a look at the most interesting products from the past month, featuring releases from Aikido Security, Avast, Armis, Black Duck, Compliance Scorecard, Fingerprint, Gremlin, Impart Security, Portnox, Redpanda, Socure, SpecterOps, Veza, and Virtana. Gremlin launches Disaster Recovery Testing for zone,
New infosec products of the month: February 2026 Read More »
Aikido Infinite introduces continuous, self-remediating AI penetration testing 2026-02-24 at 16:12 By Industry News Aikido Security has unveiled Aikido Infinite, a continuous AI penetration testing solution that autonomously validates and remediates vulnerabilities. Infinite reduces risk with every release by testing software changes as they move through deployment, confirming exploitability, and fixing vulnerabilities within the same
Aikido Infinite introduces continuous, self-remediating AI penetration testing Read More »
Waiting for AI superintelligence? Don’t hold your breath 2026-01-27 at 09:44 By Sinisa Markovic AI’s impact on systems, security, and decision-making is already permanent. Superintelligence, often referred to as artificial superintelligence (ASI), describes a theoretical stage in which AI capability exceeds human cognitive performance across domains. Whether current systems are progressing toward cybersecurity superintelligence remains
Waiting for AI superintelligence? Don’t hold your breath Read More »
Security teams debate how much to trust AI 2025-12-30 at 07:06 By Anamarija Pogorelec AI is reshaping how organizations operate, defend systems, and interpret risk. Reports reveal rising AI-driven attacks, hidden usage across enterprises, and widening gaps between innovation and security readiness. As adoption accelerates, companies face pressure to govern AI responsibly while preparing for
Security teams debate how much to trust AI Read More »
When AI writes code, humans clean up the mess 2025-10-24 at 10:42 By Anamarija Pogorelec AI coding tools are reshaping how software is written, tested, and secured. They promise speed, but that speed comes with a price. A new report from Aikido Security shows that most organizations now use AI to write production code, and
When AI writes code, humans clean up the mess Read More »
Self-replicating worm hits 180+ npm packages in (largely) automated supply chain attack 2025-09-17 at 01:18 By Zeljka Zorz A potentially monumental supply chain attack is underway, thanks to a self-replicating worm-like payload that has been compromising packages published on the npm Registry. The worm has been dubbed “Shai-hulud” as it steals credentials from victims who
Self-replicating worm hits 180+ npm packages in (largely) automated supply chain attack Read More »
Fake npm 2FA reset email led to compromise of popular code packages 2025-09-09 at 16:51 By Zeljka Zorz Malicious versions of at least 18 widely used npm packages were uploaded to the npm Registry on Monday, following the compromise of their maintainer’s account. “The packages were updated to contain a piece of code that would
Fake npm 2FA reset email led to compromise of popular code packages Read More »