Previously harmless Google API keys now expose Gemini AI data

Google API keys for services like Maps embedded in accessible client-side code could be used to authenticate to the Gemini AI ...
Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...

Anthropic Tool Calling Updates Cut Tokens 30–50% in Multi-Step Agent Tasks

Anthropic updates tool calling to reduce token use; tool search cuts tokens up to 80%, making larger tool sets practical.

Fake 'interview' repos lure Next.js devs into running secret-stealing malware

Come for the coding test, stay for the C2 traffic Next.js developers are once again in the crosshairs as hackers seed ...
Google Glass Almanac

How North Korean hackers are exploiting blockchain to target crypto users

What makes this campaign so striking is not just the malware, but where it is being stored. By shifting malicious code into ...

Alchemy introduces autonomous payment rails for AI agents on Base

Alchemy unveiled a system enabling AI agents to autonomously pay for and access blockchain data using USDC on Base, as agent adoption expands across crypto platforms.

Google Explains Why Its Crawler Ignores Your Resource Hints

Google's Gary Illyes clarifies why resource hints do not influence Googlebot's crawling behavior, and notes that HTML ...
9to5Google

Google details MCP-like ‘AppFunctions’ that let Gemini use Android apps

Following the Gemini automation announcement today, Google is detailing how all this works under the hood on Android.