Enterprise Security Tech
A cybersecurity resource for CxOs


Exposed Google API Keys Turn Into Gemini AI Access Tokens, Expanding Mobile App Attack Surface
A new wave of research is reshaping how security teams think about Google API keys. Long treated as low-risk identifiers for public services, these keys are now being linked to direct access into Gemini AI environments, creating a pathway for data exposure, service abuse, and unexpected financial impact. Security researchers from CloudSek are warning that thousands of Android applications may be unintentionally exposing access to Google’s AI infrastructure through hardcoded
Apr 13


Cyber Industry Reacts to Anthropic's Project Glasswing as AI Accelerates the Race to Secure Software
A coalition of the world’s largest technology companies is betting that artificial intelligence can tip the balance in cybersecurity before attackers fully weaponize it. Anthropic this week unveiled Project Glasswing, a coordinated effort with industry heavyweights including Amazon, Apple, Microsoft, Cisco, CrowdStrike, Broadcom, Palo Alto Networks, and the Linux Foundation. The initiative centers on a new AI system called Claude Mythos Preview, a model designed to uncover d
Apr 8


Iran-Linked Hackers Target U.S. Water and Energy Systems Through Exposed Industrial Controllers
Federal cybersecurity agencies are warning that Iran-affiliated hackers are actively exploiting weaknesses in the industrial control systems that underpin America’s water and energy infrastructure, signaling a renewed focus on operational disruption rather than simple espionage. In a joint advisory released, a coalition that includes the Cybersecurity and Infrastructure Security Agency, National Security Agency, Federal Bureau of Investigation, U.S. Cyber Command, Department
Apr 8


Critical Codex Flaw Exposed GitHub Tokens, Raising New Alarms Over AI Coding Agent Security
A newly disclosed vulnerability in OpenAI’s Codex environment is forcing a broader reckoning across the software industry, as researchers demonstrate how AI-powered coding tools can become high-value targets for credential theft and lateral movement inside developer ecosystems. Security researchers at BeyondTrust Phantom Labs uncovered a command injection flaw that allowed attackers to extract GitHub OAuth tokens directly from Codex execution environments. The issue, now pat
Mar 31


Citrix NetScaler Flaw CVE-2026-3055 Moves From Reconnaissance to Active Exploitation, Security Firms Warn
A critical vulnerability in Citrix NetScaler appliances is rapidly escalating from early reconnaissance into active exploitation, according to multiple security researchers tracking activity in the wild. The flaw, tracked as CVE-2026-3055, exposes enterprise systems to sensitive data leakage and is already drawing attention from threat actors probing internet-facing infrastructure. Security researchers at Defused Cyber and watchTowr report that attackers initially began by
Mar 31


Google Sets 2029 Deadline for Quantum-Safe Security, Accelerating Global Race Toward Post-Quantum Cryptography
Google has redrawn one of the most important timelines in cybersecurity. The company now says it aims to be ready for “Q Day” by 2029, a milestone when quantum computers could break the cryptographic systems that underpin global digital trust. That shift compresses what many in the industry expected to be a longer runway. It also signals a sharper sense of urgency around post-quantum cryptography, or PQC, as governments, cloud providers, and software vendors race to secure d
Mar 31