According to Socket, malicious payment SDK packages on npm and PyPI are harvesting developer credentials and CI/CD ...
Malicious packages on the Node Package Manager (npm) and the Python Package Index (PyPI) delivered stealer malware to ...
A prompt injection attack can trick GitHub’s preview Agentic Workflows into retrieving content from private repositories and ...
A view of the H1 2026 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts.
A default low-privilege account on a LiteLLM proxy can climb to full admin and run code on the server by chaining three vulnerabilities, researchers at Obsidian Security disclosed LiteLLM is a widely ...
The ChromaToast vulnerability can be exploited by forcing the ChromaDB API server to fetch and load maliciously crafted AI models before authentication is checked. Researchers have published details ...
VentureBeat made with Google Gemini 3.1 Pro Image Anthropic appears to have accidentally revealed the inner workings of one of its most popular and lucrative AI products, the agentic AI harness Claude ...
A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...
An investigation into what appeared at first glance to be a “standard” Python-based infostealer campaign took an interesting turn when it was discovered to culminate in the deployment of a ...
Fake Alibaba Labs AI SDKs hosted on PyPI included PyTorch models with infostealer code inside. With support for detecting malicious code inside ML models lacking, expect the technique to spread.
Copilot in Excel introduces new finance-focused capabilities that help teams work to their standards, use trusted financial data, and stay in control of every change. GPT‑5.5 Instant is now available ...