CoinDesk

Private keys, not smart contracts, caused 40% of crypto's $16 billion hack losses. Here's whats being done.

The industry is moving toward fixing the private key vulnerability issue, just not evenly, Wish Wu, co-founder and CEO of ...
Microsoft

StealC and Amadey: Breaking down infostealers and the cybercrime services that deliver them

On June 24, 2026, Microsoft’s Digital Crimes Unit (DCU) facilitated the takedown, suspension, and blocking of domains that ...
Decrypt

Ethereum Layer-2 Taiko Warns Users to Withdraw Bridge Funds After Security Breach

Researchers estimate more than $1.7 million was stolen after attackers allegedly exploited Taiko's proof verification process ...
SecurityWeek

Attackers Exploit Gravity SMTP Plugin Flaw to Harvest Valuable WordPress Data

Hackers are exploiting a vulnerability in the Gravity SMTP WordPress plugin to extract configuration data, including API keys ...
The Hacker News

Malicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot Chats

Researchers found 15 malicious JetBrains plugins posing as AI coding tools that exfiltrate OpenAI, DeepSeek, and SiliconFlow ...
Security Systems News

Tag: Public Key Open Credential (PKOC)

SAN FRANCISCO—ZBeta has released its first LabZ Tech Perspective, focusing on the Public Key Open Credential (PKOC) standard and its potential impact on the physical access control market. The report ...
decrypt

Claude Code Vulnerability Could Let Attackers Steal Credentials From GitHub, Says Microsoft

Add Decrypt as your preferred source to see more of our stories on Google. Microsoft researchers found that Anthropic's Claude Code GitHub Action could be manipulated through prompt injection attacks.
techtimes

Signal Phishing Attack Steals Backup Keys, Exposing Full Encrypted Chat History

Hackers launched a new phishing campaign this week targeting Signal users — specifically journalists, anti-Chinese Communist Party activists, and human rights workers — with fraudulent text messages ...
Dark Reading

Google API Keys Remain Active After Deletion

Google API keys aren't completely inactive after users delete them, giving attackers a small but significant window to continue abusing them. Joe Leon, researcher at Belgian startup Aikido Security, ...
VentureBeat

Claude agents can finally connect to enterprise APIs without leaking credentials

The reason enterprises have been slow to connect AI agents to internal APIs and databases isn't the models — it's the credentials. In most production deployments, the agent carries authentication ...
TechCrunch

US cyber agency CISA exposed reams of passwords and cloud keys to the open web

U.S. cybersecurity agency CISA may have escaped a sizable security breach, thanks to a good-faith security researcher who identified publicly exposed credentials that allowed access to government ...
Ars Technica

In stunning display of stupid, secret CISA credentials found in public GitHub repo

Security researcher Brian Krebs brings us the news that America’s Cybersecurity & Infrastructure Agency (CISA) has had a large store of plaintext passwords, SSH private keys, tokens, and “other ...