SecurityWeek

Amazon Q Flaw Enabled Cloud Credential Theft via Malicious Repositories

Amazon Q vulnerability could allow attackers to steal developer cloud credentials by luring them into opening a booby-trapped ...
Search Engine Land

Google Ads API v24.2 adds AI transparency, stronger security and new reporting

API v24.2 introduces AI visibility tools, stronger security controls and new PMax reporting features for advertisers and developers. Google has released Google Ads API v24.2, an update that introduces ...
CSO Online

Google’s Vertex AI SDK could allow RCE through bucket squatting

Google reportedly patched a flaw in the Vertex AI SDK for Python that could allow attackers to hijack model uploads and ...
The Hacker News

Malicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot Chats

Researchers found 15 malicious JetBrains plugins posing as AI coding tools that exfiltrate OpenAI, DeepSeek, and SiliconFlow ...
The Hacker News

CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a maximum-severity security flaw impacting Widget Factory Joomla Content Editor (JCE) to its Known Exploited ...

Fake Claude Code Installers Deliver Credential-Stealing Malware

Fake Claude Code install sites are pushing malware that steals API keys, developer credentials, crypto wallets, and other sensitive data.
eWeek

Google AI Studio Cheat Sheet: Features, Pricing, and More

Google AI Studio lets users test Gemini models, build apps, generate media, and export code. Here’s what it does, costs, and ...
Engadget

Google's newest app is an AI-powered image editor

Alongside an array of updates across its Workspace apps, including Docs and Drive, Google is launching a new image-editing app that combines generative AI tools with fine-grain editing. Google Pics is ...
Crypto Briefing

Google confirms hackers used AI to create zero-day exploit bypassing two-factor authentication

For years, the cybersecurity industry warned that AI-assisted hacking was coming. It’s here now. Google’s Threat Intelligence Group (GTIG) has confirmed the first known case of a zero-day exploit ...
AppleInsider

Mac Script Editor becomes new entry point for ClickFix malware

ClickFix attacks targeting Mac users now use Script Editor instead of Terminal, a shift that sidesteps Apple's latest protections and streamlines the attack. Apple introduced command scanning for ...
Ars Technica

Gemini burrows deeper into Google Workspace with revamped document creation and editing

Google didn’t waste time integrating Gemini into its popular Workspace apps, but those AI features are now getting an overhaul. The company says its new Gemini features for Drive, Docs, Sheets, and ...
Bleeping Computer

Previously harmless Google API keys now expose Gemini AI data

Google API keys for services like Maps embedded in accessible client-side code could be used to authenticate to the Gemini AI assistant and access private data. Researchers found nearly 3,000 such ...