Security Boulevard

API Keys vs. JWTs: Choosing the Right Auth Method for Your API

A developer needs to connect a service to an API. The documentation says to generate an API key, store it in an environment variable and pass it in a header. Five minutes later, the integration works.
Bleeping Computer

Google: Malware abusing API is standard token theft, not an API issue

Google is downplaying reports of malware abusing an undocumented Google Chrome API to generate new authentication cookies when previously stolen ones have expired. In late November 2023, ...
The Hacker News

Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens

Self-propagating npm worm steals tokens via postinstall hooks, impacting six packages and expanding supply chain attacks.
Bleeping Computer

Twitter is warning devs that API keys and tokens may have leaked

Twitter is emailing developers stating that their API keys, access tokens, and access token secrets may have been exposed in a browser's cache. In an email seen by BleepingComputer, Twitter explains ...
The Next Web

DeepSeek cuts V4-Pro prices by 75% and slashes cache costs across its entire API to a tenth

DeepSeek is offering a 75% discount on V4-Pro until 5 May and cutting API cache hit prices to 1/10 across its entire suite.
XDA Developers on MSN

Anthropic quietly nerfed Claude Code's 1-hour cache, and your token budget is paying the price

If you've been going through your token budget faster than ever, this change might be why.