The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...
Stark Insider

7 Ways to Stop Bleeding Money on AI API Calls

AI API calls are expensive. After our always-on bot burned through tokens, we found seven optimization levers that cut costs ...
RCR Wireless News

Telefónica on making Open Gateway APIs agent-ready

Earlier this month, Telefónica and Nokia announced a collaboration to test how AI software agents could support the use of network APIs, as part of the GSMA Open Gateway initiative.
ChannelVision Magazine

SolarWinds Updates Partner Program

SolarWinds, a provider of secure observability and IT management software, has updated its partner program with new benefits, enablement and demand generation investments designed to help partners ...
theregister

Someone's attacking SolarWinds WHD to steal high‑privilege credentials - but we don't know who or how

Digital intruders exploited buggy SolarWinds Web Help Desk (WHD) instances in December to break into victims' IT environments, move laterally, and steal high-privilege credentials, according to ...
Redmond Magazine

Microsoft Warns of Active SolarWinds Web Help Desk Exploitation

Microsoft observed active exploitation of internet-exposed SolarWinds Web Help Desk vulnerabilities enabling lateral movement. Attackers abused legitimate tools, PowerShell, and RMM software to ...
cybernews

Another active exploitation of SolarWinds Web Help Desk detected

Active exploitation of newly disclosed SolarWinds Web Help Desk vulnerabilities is underway, with attackers rapidly weaponizing internet-exposed instances for remote code execution and follow-on ...
SiliconANGLE

SolarWinds bets on partners with richer incentives and deeper enablement

Observability and information technology management software company SolarWinds Worldwide LLC today unveiled a revitalized partner program that introduces new benefits, enablement and demand ...
cybernews

SolarWinds Web Help Desk users under threat as vulnerability actively exploited

CISA has warned SolarWinds Web Help Desk users that a remote code execution (RCE) vulnerability, patched by the vendor last week, is being actively exploited. CVE-2025-40551 was added to CISA’s Known ...
CSOonline

What CISOs should know about the SolarWinds lawsuit dismissal

The SEC’s dismissal of its lawsuit against SolarWinds and its CISO brought widespread relief to cybersecurity leaders and potentially marks a turning point for how regulators, boards, and executives ...
Law

Litigators of the (Past) Week: The SEC Walks Away From Its Case Against SolarWinds, Top Cybersecurity Officer

Late last month, the U.S. Securities and Exchange Commission agreed to dismiss claims that the software company concealed cyber vulnerabilities in the lead-up to the high-profile 2020 Sunburst attack.
IEEE

GAME-RL: Generating Adversarial Malware Examples Against API Call Based Detection via Reinforcement Learning

Abstract: The adversarial example presents new security threats to trustworthy detection systems. In the context of evading dynamic detection based on API call sequences, a practical approach involves ...