Widely used Trivy scanner compromised in ongoing supply-chain attack

Hackers have compromised virtually all versions of Aqua Security’s widely used Trivy vulnerability scanner in an ongoing ...
IEEE

PAEWS: Public-Key Authenticated Encryption With Wildcard Search Over Outsourced Encrypted Data

Abstract: Public-key Encryption with Keyword Search (PEKS) is a promising cryptographic mechanism that enables a semi-trusted cloud server to perform (on-demand) keyword searches over encrypted data ...
heise online

Google's unprotected API keys a security and cost risk due to Gemini AI

Google is working to fix a problem with its API keys after security researchers pointed out possible misuse. This is because the keys for accessing Google's cloud services, such as Maps or Firebase, ...
Bleeping Computer

Previously harmless Google API keys now expose Gemini AI data

Google API keys for services like Maps embedded in accessible client-side code could be used to authenticate to the Gemini AI assistant and access private data. Researchers found nearly 3,000 such ...
GitHub

Use of Hybrid Public Key Encryption (HPKE) with JSON Web Encryption (JWE)

This is the working area for the IETF JOSE Working Group Internet-Draft, "Use of Hybrid Public Key Encryption (HPKE) with JSON Web Encryption (JWE)".