Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...

Previously harmless Google API keys now expose Gemini AI data

Google API keys for services like Maps embedded in accessible client-side code could be used to authenticate to the Gemini AI ...
Le Lézard

Oasis Security Research Team Discovers Critical Vulnerability in OpenClaw

Oasis Security, the identity security platform, today released new threat research exploring a vulnerability chain in OpenClaw that allows any website to silently take full control of a developer's AI ...