The Hacker News

⚡ Weekly Recap: Qualcomm 0-Day, iOS Exploit Chains, AirSnitch Attack & Vibe-Coded Malware

Your weekly cybersecurity roundup covering the latest threats, exploits, vulnerabilities, and security news you need to know.
The Hacker News

Thousands of Public Google Cloud API Keys Exposed with Gemini Access After API Enablement

New research has found that Google Cloud API keys, typically designated as project identifiers for billing purposes, could be abused to authenticate to sensitive Gemini endpoints and access private ...
VentureBeat

Why “which API do I call?” is the wrong question in the LLM era

For decades, we have adapted to software. We learned shell commands, memorized HTTP method names and wired together SDKs. Each interface assumed we would speak its language. In the 1980s, we typed ...
Search Engine Land

Google launches Data Manager API

Google’s new Data Manager API gives advertisers a simpler, centralized way to feed first-party data into its AI systems. Google is rolling out a new Data Manager API that lets you plug first-party ...
Forbes

OpenAI Data Breach Exposes User Data. Here’s What To Do Immediately

This voice experience is generated by AI. Learn more. This voice experience is generated by AI. Learn more. A few days ago, on November 26th, right before Thanksgiving, OpenAI, the maker of ChatGPT, ...
Reuters

JPMorgan secures deals with fintech aggregators over fees to access data, CNBC reports

Nov 14 (Reuters) - JPMorgan Chase (JPM.N), opens new tab has secured deals that will ensure it receives payments from fintech companies for access to its customer bank account data by third-party apps ...
techtimes

Wikipedia Wants Companies to Stop Scraping Data for AI Training, Offers Paid API Access Instead

Wikipedia has finally taken a stance against companies that scrape data from their website, particularly those that use it for training their AI models without consent, compensation, or permission ...
NBC DFW

Who is eligible for the AT&T settlement? Here's how to receive up to $7,500

AT&T customers are eligible to receive compensation from the telecommunications giant as part of a $177 million settlement over two data breaches last year. AT&T notified millions of customers that ...
GitHub

fetch API: targetAddressSpace public should internally set a flag instead of "do nothing"

Chrome extension behavior When I call the APIs from a chrome-extension: -URL, the specified targetAddressSpace is enforced as expected. When not given, the request continues without prompt, even if ...
SecurityWeek

Claude AI APIs Can Be Abused for Data Exfiltration

An attacker can inject indirect prompts to trick the model into harvesting user data and sending it to the attacker’s account. Attackers can use indirect prompt injections to trick Anthropic’s Claude ...
Bleeping Computer

Malicious NPM packages fetch infostealer for Windows, Linux, macOS

Ten malicious packages mimicking legitimate software projects in the npm registry download an information-stealing component that collects sensitive data from Windows, Linux, and macOS systems. The ...
marktechpost

Google AI Ships a Model Context Protocol (MCP) Server for Data Commons, Giving AI Agents ...

Google released a Model Context Protocol (MCP) server for Data Commons, exposing the project’s interconnected public datasets—census, health, climate, economics—through a standards-based interface ...