Slopsquatting represents an emerging supply chain threat made possible by AI hallucinations. As developers increasingly rely ...
A newly-disclosed exploit in Claude Code’s ‘auto-mode’ leaves developers facing remote code execution (RCE) vulnerabilities ...
Researchers at the AI Now Institute developed a proof-of-concept exploit showing common AI tools used for security could ...
An open WP-SHELLSTORM server exposed tools, logs, and target lists naming 1.4 million sites, with researchers validating ...
In Operation Muck and Load, over 200 GitHub repositories serve a Go module that leads to Windows malware infections.
New activity targets CVE‑2026‑20230, an SSRF bug that can allow unauthenticated file writes and potential root‑level access on vulnerable systems. A critical Cisco Unified CM vulnerability is now ...
Chainguard will use AI to protect open-source code. Athena pools open-source users, developers, and maintainers. Others are also using AI to secure open-source code. As Chainguard puts it, "The gap ...
In response to an arcane but incredibly lucrative exploit discovered by Forza Horizon 6 players, Playground Games has confirmed that those who used the method to accumulate massive amounts of credits ...
Dozens of cryptographically verified open source packages from Microsoft were compromised late last week to add advanced credential-stealing code that was triggered when developers opened them in AI ...
As global travel becomes easier, organized crime networks are increasingly exploiting tourism, visa programs, and open-border systems to commit theft, fraud, burglary, and other crimes across multiple ...
A popular npm package for OpenAI Codex with 29,000 weekly downloads has been stealing developer authentication tokens for a month. The same credential-theft chain also ran through two Android apps ...
Attackers have reduced the time to develop an exploit for a known vulnerability from 125 days to a mere half a day, thanks to the use of AI-assisted development, leaving vulnerability scanners ...