The Hacker News

Malicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot Chats

Researchers found 15 malicious JetBrains plugins posing as AI coding tools that exfiltrate OpenAI, DeepSeek, and SiliconFlow ...
Infosecurity Magazine

Fifteen JetBrains Marketplace Plugins Found Stealing API Keys

Security researchers have uncovered a coordinated campaign designed to steal developers’ AI-related API keys via malicious ...
Developer Tech

JetBrains marketplace malware exposes developer API keys

Security researchers identified a coordinated malware campaign within the JetBrains Marketplace designed to exfiltrate ...
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...

The Hidden Complexity In AI Infrastructure: Why Credentials Are The Real Attack Surface

The Weaviate incident in 2025 illustrated this clearly. A researcher discovered an exposed OpenAI API key in a public ...