CyberStrikeAI tool adopted by hackers for AI-powered attacks

Researchers warn that a newly identified open-source AI security testing platform called CyberStrikeAI was used by the same threat actor behind a recent campaign that breached hundreds of Fortinet ...

Dev stunned by $82K Gemini bill after unknown API key thief goes to town

Probably not an isolated incident only as researchers have already found 2,863 live API keys exposed A developer says their ...

Security News This Week: Area Man Accidentally Hacks 6,700 Camera-Enabled Robot Vacuums

Plus: The top US cyber agency falls into shambles, AI models develop an upsetting penchant for nuclear weapons, and more.
CPO Magazine

Researchers Warn Benign Google API Keys Could be Exploited to Rack Up Gemini AI Bills

Researchers with Truffle Security are warning that old and seemingly benign Google API keys might now be weaponized by threat actors after gaining Gemini AI authorization permissions, in a destructive ...
CSO Online

State-affiliated hackers set up for critical OT attacks that operators may not detect

Threat groups are weaponizing industrial control access they’ve gained over the years, but critical infrastructure operators ...
Security Boulevard

A fake FileZilla site hosts a malicious download

A tampered copy of FileZilla quietly contacts attacker-controlled servers using encrypted DNS traffic that can slip past ...
American Banker

OpenClaw AI creates shadow IT risks for banks

Bank employees are likely adopting the OpenClaw AI assistant on the sly to boost productivity, but the tool's deep ...

How a Brute Force Attack Unmasked a Ransomware Infrastructure Network

A routine RDP brute-force alert led to unusual credential hunting and a geo-distributed VPN-linked infrastructure. Huntress Labs explains how one compromised login unraveled a suspected ...

The energy vampire next door: Life next to an AI mega-factory

Billions of dollars are pouring into data centres to fuel the AI revolution but residents and experts warn the state is ignoring the hidden cost to power, water and peace.

Google dropped dark web monitoring: Should you care?

Google's Dark Web Report removal eliminates automated breach scanning for users, though Security Checkup and Password Manager ...