Infosecurity Magazine

Cursor Extension Flaw Exposes Developer API Keys

Cursor flaw lets extensions steal API keys and session tokens without user interaction, according to researchers at LayerX ...

ClickUp Data Leak Exposes Enterprise Emails for Over a Year

A hardcoded ClickUp API key exposed hundreds of corporate and government emails for over a year, raising new SaaS security ...

Hackers are exploiting a critical LiteLLM pre-auth SQLi flaw

Hackers are targeting sensitive information stored in the LiteLLM open-source large-language model (LLM) gateway by ...
Hosted on MSN

Cursor vulnerability raises risks for API key security

A severe vulnerability in the AI-powered development tool Cursor allows installed extensions to access locally stored API keys and session tokens without user action, according to LayerX researchers.
SecurityWeek

Fresh LiteLLM Vulnerability Exploited Shortly After Disclosure

Hackers rushed to target a critical LiteLLM SQL injection flaw to steal keys, credentials, and environment-variable ...
Hosted on MSN

Study finds thousands of sites exposed API keys and other credentials

Researchers scanning 10 million webpages have found that nearly 10,000 pages contained live API credentials left in plain sight, potentially exposing access to services from cloud platforms to payment ...
TechJuice

This Popular AI Tool Was Hacked in Just 36 Hours (Here’s What Attackers Stole)

A critical pre-authentication SQL injection vulnerability in BerriAI’s LiteLLM Python package came under active exploitation ...
Security Boulevard

How a Long-Lived API Credential Let an AI Agent Delete Production Data

What began as a routine staging task for a SaaS startup ended in a disaster that  would have been unthinkable just months ago: an AI agent operating as a super insider threat and triggering a ...
Security Boulevard

How Escape AI Pentesting Exploited SSRF in LiteLLM

The post How Escape AI Pentesting Exploited SSRF in LiteLLM appeared first on Escape – Application Security & Offensive ...