Microsoft

OAuth redirection abuse enables phishing and malware delivery

OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users from legitimate sign‑in pages to attacker‑controlled infrastructure.
CSO Online

‘Silent’ Google API key change exposed Gemini AI data

API key exploitation is more than hypothetical. In a different context, a student who reportedly exposed a GCP API key on GitHub last June was left nursing a $55,444 bill (later waived by Google) ...

Shanon : New Open Source AI Pentester Powered By Claude Code

Shanon is an open source AI pentester built on the Claude SDK; runs cost about $60 in API credits, with CI/CD support; ...
CSO Online

Your personal OpenClaw agent may also be taking orders from malicious websites

A critical OpenClaw flaw allowed malicious websites to connect to locally running agents, brute-force passwords without ...