Security Boulevard

Carelessness versus craftsmanship in cryptography

Two popular AES libraries, aes-js and pyaes, “helpfully” provide a default IV in their AES-CTR API, leading to a large number of key/IV reuse bugs. These bugs potentially affect thousands of ...

What 5 Million Apps Revealed About Secrets in JavaScript

Leaked API keys are nothing new, but the scale of the problem in front-end code has been largely a mystery - until now. Intruder's research team built a new secrets detection method and scanned 5 ...

Salt Security Expands ‘Universal Visibility’ with API Security for Databricks and Edge Support for Netlify

LONDON, UNITED KINGDOM, January 22, 2026 / EINPresswire.com / — New capabilities extend Salt’s discovery engine into the Agentic AI Action Layer and modern composable web architectures, providing the ...
InfoWorld

Open source maintainers are being targeted by AI agent as part of ‘reputation farming’

“Once contribution and reputation building can be automated, the attack surface moves from the code to the governance process around it. Projects that rely on informal trust and maintainer intuition ...
InfoQ

OpenAI Publishes Codex App Server Architecture for Unifying AI Agent Surfaces

OpenAI has recently published a detailed architecture description of the Codex App Server, a bidirectional protocol that decouples the Codex coding agent's core logic from its various client surfaces.