AI companies keep publishing private API keys to GitHub

"Hugging Face tokens are notorious for allowing access to private AI models," said Berkovich. "The leaked Hugging Face token belonging to an AI 50 company could have exposed access to ~1,000 private ...
The Hacker News

GootLoader Is Back, Using a New Font Trick to Hide Malware on WordPress Sites

Huntress finds three GootLoader infections since Oct 27, 2025; two led to domain controller compromise within 17 hours.
The Hacker News

CISO's Expert Guide To AI Supply Chain Attacks

AI-driven supply chain attacks surged 156% as breaches grew harder to detect and regulators imposed massive fines.