At least 15 malicious plugins found on the JetBrains Marketplace were designed to steal AI API keys from developers. The campaign, discovered by Aikido Security, includes plugins that act as AI coding ...
A security flaw in the Gravity SMTP WordPress plugin has drawn more than 17 million automated exploit attempts since early May 2026 — and every site that ran an unpatched version while those attacks ...
At least 15 plug-ins for JetBrains IDEs transmit API keys to an external server, while otherwise offering their promised functions.
Researchers have uncovered a sustained campaign using GitHub's public APIs and ghost accounts to profile enterprise software ...
Threat actors are exploiting a vulnerability in Gitea’s reverse-proxy authentication mechanism to access internet-accessible instances by supplying only a valid username.
Attackers are actively exploiting path traversal and SQL injection in Langflow, LangGraph, and LangChain — below where your security tools look.
a laptop screen with a webpage of the IT Army of Ukraine group of volunteer hackers. The IT Army of Ukraine first set up in the wake of Russia's devastating attack, and has since hugely grown in ...
A critical flaw in Gitea's official Docker image let anyone impersonate an admin with one forged header. Sysdig spotted the ...
XRP Ledger nears one million AI agent transactions through x402 as automated payments expand while XRP gains technical ...
EvilTokens uses AES-GCM encrypted HTML and Microsoft Device Code Phishing to hide Microsoft 365 account takeover pages until ...
A new framework called SkillWeaver tackles AI agent tool routing by skipping full-library loading, cutting token use 99% on ...
Featured, the AI co-pilot for PR, today announced the general availability of its Model Context Protocol (MCP) server, giving PR professionals a way to connect Claude, Cursor, VS Code, and any other ...