Fake CVE exploit repos pull frint and skytext packages to steal researcher credentials, with servers still live as of July 1.
Rogue Agent, a vulnerability in Google Cloud Dialogflow CX, allowed attackers to control agents and exfiltrate sensitive data.
Multiple weaponized proof-of-concept (PoC) exploits on GitHub delivered a Python-based remote access trojan (RAT) called ChocoPoC that can execute commands and steal sensitive data. However, ChocoPoC ...
Google fixed Rogue Agent, a Dialogflow CX Code Blocks flaw that could let one writable agent affect every chatbot in a Cloud ...
According to Socket, malicious payment SDK packages on npm and PyPI are harvesting developer credentials and CI/CD ...
MotherDuck is launching Flights, an agent-native data pipeline that enables users to choose the MCP server and AI agent of their choice to build and deploy data pipelines in minutes using a flexible, ...
The global Java development ecosystem experienced significant structural changes this week following the introduction of a new OpenJDK enhancement draft alongside warnings from cybersecurity ...
A campaign active since last November has been targeting Python developers building Telegram bots with trojanized Pyrogram forks that allow attackers to read arbitrary files on compromised servers. At ...
Connect all your configuration files and autogenerate code—Jsonnet is the missing piece for large code bases.
ACRouter, a new open-source AI router, learns from execution feedback to pick the best coding model per task, cutting costs 2 ...
An exposed WP-SHELLSTORM server revealed tools, logs, cloud credentials, and thousands of webshells used in a large website ...
A single misconfigured server has exposed the complete toolkit of an active a three-actor phishing ecosystem. According to ...