The decentralized identity protocol said a compromised employee's laptop let attackers seize its bridges and mint tokens at ...

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...

Dozens of cryptographically verified open source packages from Microsoft were compromised late last week to add advanced credential-stealing code that was triggered when developers opened them in AI ...

Perplexity introduced Search as Code as a reference architecture for AI-written Python search workflows, following its 2025 real-time Search API. The new approach shifts the pitch from repeatedly ...

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel ...

I ditched my terminal for Claude's built-in code executor, and I'm not going back.

Anthropic's Daniela Amodei weighs in on tokenmaxxing, AI adoption, and why companies shouldn't force AI use.

With over 2.2 billion installs, the flawed Python package offers attackers a huge blast radius, including silent access to ...

The codexui-android npm package silently exfiltrated OpenAI Codex auth tokens to an attacker server for a month, affecting 29,000 weekly downloads.

VentureBeat surveyed 132 enterprise AI leaders: the production failure point isn't the model — it's the runtime layer most ...

Cybersecurity researchers at Aikido Security have uncovered a malicious supply chain attack targeting OpenAI Codex developers via the npm package “codexui-android”. While the associated GitHub ...