According to Socket, malicious payment SDK packages on npm and PyPI are harvesting developer credentials and CI/CD ...
IBM and Red Hat have launched Lightwell to automate vulnerability remediation across enterprise open-source software ...
JadePuffer, a ransomware operation, used an AI agent to carry out much of the intrusion chain from reconnaissance, key theft, ...
A PNG hiding a prompt injection could steal your repo's secrets, researchers demonstrate. The technique, dubbed 'Ghostcommit, ...
QR code phishing – also known as quishing – has reached record levels in ESET telemetry. ESET analyzed nearly 900,000 AI ...
Ollama, the open-weight AI platform that lets developers run large language models on their own hardware with a single terminal command, closed a $65 million Series B on Thursday — and the most ...
Developed with leading global financial institutions and backed by a growing partner ecosystem, the new Lightwell offerings help enterprises mitigate open source risk without disruptive ...
Cybersecurity firm Novee has identified a GitHub Actions workflow-chain risk that can expose secrets even when checks pass, ...
Google released the Genkit Agents API in preview for TypeScript and Go. The open-source framework packages message history, ...
When Ying Zhang was a doctoral student at Virginia Tech, she spent years learning to think like an attacker—probing software ...
A new attack technique dubbed HalluSquatting turns AI assistants’ tendency to hallucinate into a scalable infection vector.
AI Now’s Friendly Fire PoC shows Claude Code and Codex running README-planted payloads on hosts when autonomous command ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results