Bleeping Computer

Twitter is warning devs that API keys and tokens may have leaked

Twitter is emailing developers stating that their API keys, access tokens, and access token secrets may have been exposed in a browser's cache. In an email seen by BleepingComputer, Twitter explains ...
ZDNet

Heroku to begin user password reset almost a month after GitHub OAuth token theft

Heroku has alerted a "subset" of its users that it is going to reset their passwords on May 4 unless they change passwords beforehand. In resetting the password, the company is warning that existing ...
InfoWorld

Public package repos expose thousands of API security tokens—and they’re active

JFrog’s new Xray Secrets Detection uncovered active access tokens in popular open-source software registries including Docker, npm, and PyPI. Here are our findings and takeaways. As part of the ...
heise online

Microsoft Edge Extensions: New Publish API for more security

Microsoft has introduced a new Publish API for the development of extensions for its Edge web browser. This is intended to provide functions for increased security and is currently available as an ...
Dark Reading

When Good Tokens Go Bad

Tokens are an identity's crown jewel for digital authentication and authorization. Whether they are human or machine, and instantiated as API tokens, OAuth credentials, session tokens, or ephemeral ...
Memeburn

China's Claude API Grey Market Sells AI Access at 90% Off — and Your Data Pays the Rest

China's Claude API grey market sells AI access at up to 90% off in 2026 — but your prompts, passwords, and private data may ...