Attackers are exploiting CVE-2026-4020 in Gravity SMTP to leak API keys, OAuth tokens, and system data from WordPress sites.
Wordfence has blocked 17M+ exploit attempts targeting a Gravity SMTP bug that leaks API keys, OAuth tokens, and full system reports without authentication.
At least 15 malicious plugins found on the JetBrains Marketplace were designed to steal AI API keys from developers. The campaign, discovered by Aikido Security, includes plugins that act as AI coding ...
Intruder analyzed 3,000 attack surfaces and found 60% exposed HTTP panels, 49% risky ports, and 42% internet-facing databases ...
A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to run arbitrary code on exposed servers. The flaw is tracked as ...
Semi-automate multi-protocol API calls, construct jq queries at the speed of light, or transform strings to and from any ...
In the ever-evolving landscape of digital transactions, Stripe API integration stands as a frontrunner for businesses looking to streamline their payment processes. This robust ...
The OpenAPI Specification (OAS) defines a standard, programming language-agnostic interface description for HTTP APIs, which allows both humans and computers to discover and understand the ...
The biggest barrier to accountability isn't willingness — it's friction. Contractors want to warn others. We eliminated ...
Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...
Application Programming Interfaces (APIs) are foundational to a modern digital ecosystem. These standards govern how APIs are to be developed across the Government of Canada (GC) to better support ...