Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel ...

I ditched my terminal for Claude's built-in code executor, and I'm not going back.

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP, simultaneously compromised Microsoft's durabletask Python ...

Kimi Work lets an AI agent loose on your local files, your browser, and your schedule—without routing everything through the ...

With over 2.2 billion installs, the flawed Python package offers attackers a huge blast radius, including silent access to ...

Anthropic's Mythos Preview was highly effective at finding vulnerability candidates, especially when analyzing source code.

Cybersecurity researchers create a five-step exploit chain using over-permissioned roles, secrets discovery, and NHIs to attack a popular low-code service.

Dozens of cryptographically verified open source packages from Microsoft were compromised late last week to add advanced credential-stealing code that was triggered when developers opened them in AI ...

VentureBeat surveyed 132 enterprise AI leaders: the production failure point isn't the model — it's the runtime layer most ...

The attacks stemmed from a GitHub account that was also compromised in a previous Miasma attack on Microsoft last month.

AI agent exploited Salesforce sites; 263 objects, 55 Apex methods exposed at one portal, leading to PII and file leaks.