Android mental health apps with 14.7M installs filled with security flaws

Several mental health mobile apps with millions of downloads on Google Play contain security vulnerabilities that could expose users' sensitive medical information.
The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...
GitHub

Expose your FastAPI endpoints as Model Context Protocol (MCP) tools, with Auth!

If you prefer a managed hosted solution check out tadata.com. FastAPI-MCP is designed as a native extension of FastAPI, not just a converter that generates MCP tools from your API. This approach ...
The Hacker News

ThreatsDay Bulletin: OpenSSL RCE, Foxit 0-Days, Copilot Leak, AI Password Flaws & 20+ Stories

ThreatsDay Bulletin tracks active exploits, phishing waves, AI risks, major flaws, and cybercrime crackdowns shaping this week’s threat landscape.
SecurityWeek

OpenClaw Security Issues Continue as SecureClaw Open Source Tool Debuts

OpenClaw faces security vulnerabilities and misconfiguration risks despite rapid patches and its transition to an ...
GitHub

Sophos Firewall Python SDK

The Sophos Firewall Python SDK was developed by a small community of engineers within Sophos who will be maintaining the project. Questions can be posted to the Q&A section of the Github project. If ...
SecurityWeek

API Threats Grow in Scale as AI Expands the Blast Radius

Most API vulnerabilities are fast, remote, and easy to exploit. Attackers take full advantage of these attributes.