Security Boulevard

API Keys vs. JWTs: Choosing the Right Auth Method for Your API

A developer needs to connect a service to an API. The documentation says to generate an API key, store it in an environment variable and pass it in a header. Five minutes later, the integration works.

A Claude code plugin in an afternoon: What I learned

Plugins for AI coding tools sound like complex infrastructure. In practice, Markdown files and an HTTP API are sufficient.
Microsoft

Inside an AI‑enabled device code phishing campaign

A new wave of device code phishing shows how threat actors are scaling account compromise using AI and end‑to‑end automation.
Security Boulevard

CanisterWorm: The Self-Spreading npm Attack That Uses a Decentralized Server to Stay Alive

UTC, Aikido Security detected an unusual pattern across the npm registry: dozens of packages from multiple organizations were receiving unauthorized patch updates, all containing the same hidden ...

Researchers discover OpenAI Codex vulnerability involving Unicode characters

Hackers can steal your GitHub tokens through OpenAI’s Codex using nothing more than a sneaky branch name ...

Techie Tonic: Two CISOs warn Axios breach changes supply chain trust model

Two CISOs dissect the Axios npm attack, revealing a self-erasing RAT, CI/CD compromise risks and why open-source software ...
GovInfoSecurity

Backdooring of JavaScript Library Axios Tied to North Korea

A supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software ...

Event Sourcing meets MCP: The whole story for LLMs

Event Sourcing provides LLMs with the richest context. The Model Context Protocol makes this context accessible via a ...

Over 100 Chrome Web Store extensions steal user accounts, data

More than 100 malicious extensions in the official Chrome Web Store are attempting to steal Google OAuth2 Bearer tokens, ...

Cloudflare’s new Dynamic Workers ditch containers to run AI agent code 100x faster

Cloudflare says dynamically loaded Workers are priced at $0.002 per unique Worker loaded per day, in addition to standard CPU and invocation charges ...