The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...
Infosecurity-magazine.com

Vibe-Coded Moltbook Exposes User Data, API Keys and More

A self-styled social networking platform built for AI agents contained a misconfigured database which allowed full read and write access to all data, security researchers have revealed. Moltbook was ...
Reuters

'Moltbook' social media site for AI agents had big security hole, cyber firm Wiz says

WASHINGTON, Feb 2 (Reuters) - A buzzy new social network where artificial intelligence-powered bots appear to swap code and gossip about their human owners had a major flaw that exposed private data ...
VentureBeat

OpenClaw proves agentic AI works. It also proves your security model doesn't. 180,000 developers just made that your problem.

OpenClaw, the open-source AI assistant formerly known as Clawdbot and then Moltbot, crossed 180,000 GitHub stars and drew 2 million visitors in a single week, according to creator Peter Steinberger.
CoinTelegraph

Viral AI assistant ‘Clawdbot’ risks leaking private messages, credentials

Cybersecurity researchers have raised red flags about a new artificial intelligence personal assistant called Clawdbot, warning it could inadvertently expose personal data and API keys to the public.
bitnewsbot

Chrome extension steals MEXC API keys, enables theft online.

On Jan. 13, 2026, researchers reported that a Chrome extension called MEXC API Automator (ID: pppdfgkfdemgfknfnhpkibbkabhghhfh) targets accounts on MEXC, a ...
Bleeping Computer

OpenAI discloses API customer data breach via Mixpanel vendor hack

OpenAI is notifying some ChatGPT API customers that limited identifying information was exposed following a breach at its third-party analytics provider Mixpanel. Mixpanel offers event analytics that ...
9to5Mac

Coding assistance websites exposed credentials for banks, government, and more

Two websites intended to help software developers format and structure their code have exposed thousands of login credentials, authentication keys, and other highly sensitive information.
CSOonline

AI startups leak sensitive credentials on GitHub, exposing models and training data

Experts say the leaks highlight how fast-growing AI firms may be prioritizing innovation over basic DevSecOps hygiene, leaving valuable intellectual property and data at risk. Nearly two-thirds of the ...
Mashable

Microsoft warns that an OpenAI API is being abused as a backdoor for 'espionage'

On Monday, Microsoft Detection and Response Team (DART) researchers warned that an OpenAI API was being abused as a backdoor for malware. The researchers concluded that bad actors were using the novel ...
DualShockers

ARC Raiders: How To Get & Use Raider Hatch Keys

Callum is a seasoned gaming managing editor for a number of publications and a gamer who will always try to shine a spotlight on indie games before giving AAA titles the time of day. He loves nothing ...
Search Engine Land

Google clarifies API key process for local inventory feeds

After months of merchant frustration over securing the required API key for website-reported local inventory feeds via Google Tag Manager, Google has now confirmed a straightforward process: Why we ...