The Hacker News

Malicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot Chats

Researchers found 15 malicious JetBrains plugins posing as AI coding tools that exfiltrate OpenAI, DeepSeek, and SiliconFlow ...
CoinTelegraph

Viral AI assistant ‘Clawdbot’ risks leaking private messages, credentials

Misconfigured Clawdbot servers exposed API keys, private chats and credentials, cybersecurity researchers warn after the AI assistant surged in popularity Cybersecurity researchers have raised red ...
Hosted on MSN

30+ Chrome extensions disguised as AI chatbots steal users' API keys, emails, other sensitive data

Are you a good bot or a bad bot? More than 30 malicious Chrome extensions installed by at least 260,000 users purport to be helpful AI assistants, but they steal users' API keys, email messages, and ...
InfoWorld

‘Silent’ Google API key change exposed Gemini AI data

Google Cloud API keys, normally used as simple billing identifiers for APIs such as Maps or YouTube, could be scraped from websites to give access to private Gemini AI project data, researchers from ...
Memeburn

PewDiePie's Odysseus: Everything About Free AI Workspace Prevents Big Tech From Stealing Your Data

PewDiePie just launched Odysseus, a free self-hosted AI workspace in 2026 that runs locally — no subscriptions, no data tracking, no big tech cloud required.
CSOonline

AI programming copilots are worsening code security and leaking more secrets

Copilot-enabled repos are 40% more likely to contain API keys, passwords, or tokens — just one of several issues security leaders must address as AI-generated code proliferates. AI coding assistants ...