According to Socket, malicious payment SDK packages on npm and PyPI are harvesting developer credentials and CI/CD ...
IBM and Red Hat have launched Lightwell to automate vulnerability remediation across enterprise open-source software ...
JadePuffer, a ransomware operation, used an AI agent to carry out much of the intrusion chain from reconnaissance, key theft, ...
A PNG hiding a prompt injection could steal your repo's secrets, researchers demonstrate. The technique, dubbed 'Ghostcommit, ...
QR code phishing – also known as quishing – has reached record levels in ESET telemetry. ESET analyzed nearly 900,000 AI ...
Ollama, the open-weight AI platform that lets developers run large language models on their own hardware with a single terminal command, closed a $65 million Series B on Thursday — and the most ...
Developed with leading global financial institutions and backed by a growing partner ecosystem, the new Lightwell offerings help enterprises mitigate open source risk without disruptive ...
Intruder built an AI-powered "vulnerability vending machine" that combines code slicing with LLMs to automatically discover ...
Google released the Genkit Agents API in preview for TypeScript and Go. The open-source framework packages message history, ...
Researchers reported the flaw to Cursor in December, but it still remains in the popular AI coding platform and can be used ...
When Ying Zhang was a doctoral student at Virginia Tech, she spent years learning to think like an attacker—probing software ...
A new attack technique dubbed HalluSquatting turns AI assistants’ tendency to hallucinate into a scalable infection vector.