Valid certificates, stolen accounts: how attackers broke npm's last trust signal

Stolen credentials produced valid Sigstore certificates, clearing 633 malicious npm packages — one of seven developer tool ...

Security Researcher: WordPress 7.0 Could Trigger Rush To Steal AI API Keys

WordPress 7.0 exposes AI API keys. Security researcher says there "will be an absolute rush by hackers to steal API keys" ...