According to Socket, malicious payment SDK packages on npm and PyPI are harvesting developer credentials and CI/CD ...
JadePuffer could be the first reported case of a ransomware attack driven by AI from start to finish. How can businesses ...
An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...
SentinelOne details Gaslight, a Rust-based macOS implant linked to North Korea-aligned actors that uses prompt injection to hinder AI triage.
Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...
A default low-privilege account on a LiteLLM proxy can climb to full admin and run code on the server by chaining three vulnerabilities, researchers at Obsidian Security disclosed LiteLLM is a widely ...
Our system did one thing, and it did it well: It turned natural-language questions into API calls. The users were analysts, account managers, and operations leads. They knew what data they needed, but ...
GitHub confirmed on May 20 that a poisoned VS Code extension installed on an employee’s device gave attackers access to roughly 3,800 internal repositories at the Microsoft-owned code storage and ...
In early 2025, CISA added CVE-2025-3248 to their Known Exploited Vulnerabilities catalog. It was an unauthenticated remote code execution bug in Langflow, the popular open-source AI workflow builder ...
Last time, we brought back two keys from the uncharted territory known as the "Developer Portal": the App Key and the App Secret. However, just having these keys is not enough for the Saxo Bank ...