PM This week in cybersecurity: botnets, RCE flaws, AI-driven attacks, stealers, and more. Fast, no-fluff roundup.

Quick and simple solutions, thanks to the internet.

Phishing surge, LinkedIn tracking claims, spyware use, and rising stealers expose growing abuse of trusted systems.

A supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software ...

North Korean hackers published backdoored versions of the Axios NPM package using a compromised long-lived access token.

Shortly after the release of macOS 26.4 Tahoe (see “ OS 26.4 Adds AI-Generated Playlist Playground, Separates Family Sharing Purchases,” 25 March 2026), several TidBITS Talk users began reporting ...

Google Cloud API keys, normally used as simple billing identifiers for APIs such as Maps or YouTube, could be scraped from websites to give access to private Gemini AI project data, researchers from ...

Google is facing renewed security scrutiny after researchers revealed that publicly exposed API keys can be abused to access Gemini AI services. The issue centers on Google API keys embedded in client ...

Google API keys for services like Maps embedded in accessible client-side code could be used to authenticate to the Gemini AI assistant and access private data. Researchers found nearly 3,000 such ...

IBM has released security updates to address a critical IBM API Connect vulnerability that could allow remote attackers to bypass authentication controls and gain unauthorized access to affected ...

Rated 9.8 out of 10 in severity, the flaw could allow a remote attacker to gain unauthorized access to applications. IBM is urging customers to quickly patch a critical vulnerability in its API ...