The Hacker News

OneLogin Bug Let Attackers Use API Keys to Steal OIDC Secrets and Impersonate Apps

CVE-2025-59363 "allowed attackers with valid API credentials to enumerate and retrieve client secrets for all OIDC ...

Google clarifies API key process for local inventory feeds

Google simplified the process for merchants to obtain API keys for local inventory feeds, clearing a hurdle to faster ...
CSOonline

AI programming copilots are worsening code security and leaking more secrets

Copilot-enabled repos are 40% more likely to contain API keys, passwords, or tokens — just one of several issues security leaders must address as AI-generated code proliferates. AI coding assistants ...
Computing

AI training dataset leaks thousands of live API keys and passwords

Researchers have uncovered nearly 12,000 private API keys and passwords embedded within the Common Crawl dataset; an open-source repository of web data used by leading AI developers to train their AI ...
Bleeping Computer

GitHub expands security tools after 39 million secrets leaked in 2024

GitHub announced updates to its Advanced Security platform after it detected over 39 million leaked secrets in repositories during 2024, including API keys and credentials, exposing users and ...