Communications of the ACM

Safe Coding

Safe coding is a collection of software design practices and patterns that allow for cost-effectively achieving a high degree ...
Security Boulevard

The AI Agent Identity Crisis: 80% of Agents Don’t Properly Identify Themselves, 80% of Sites Don’t Verify

AI agent identity verification fails at both ends. DataDome tested 698,000 sites—80% couldn't detect spoofed ChatGPT traffic. Here's why.
Analytics Insight

What Is Trafficmind and How Does It Stop Bot Attacks

Bot attacks are one of the most common threats you can expect to deal with as you build your site or service. One exposed ...
The Edge Singapore

Enterprise AI agent boom draws attention of state-sponsored hackers: reports

As Google reports AI misuse by state actors, Microsoft and Tenable highlight visibility and identity gaps inside fast-growing agent ecosystems.
LBC

China-linked hackers targeting UK infrastructure within days of vulnerabilities being exposed, threat report warns

For example, one China-linked group exploited a SQL injection vulnerability six days after proof-of-concept code was ...
Bleeding Cool

Mortal Thor #7 Preview: Hammer Time Meets Hyde's Havoc

Mortal Thor #7 hits stores Wednesday with Sigurd Jarlson on the run and Mr. Hyde targeting his loved ones. Can a man with a ...
OfficeChai

After Cloudflare Created Vercel’s Next.js In A Week Using AI, Vercel Discloses 7 Bugs In The New Framework

The ink was barely dry on Cloudflare’s announcement that it had rebuilt the most popular web framework in existence using AI ...

Automation tool n8n: Updates patch code injection flaws

In the automation tool n8n, eleven security vulnerabilities have been discovered. Three of these are considered critical ...

Shanon : New Open Source AI Pentester Powered By Claude Code

Shanon is an open source AI pentester built on the Claude SDK; runs cost about $60 in API credits, with CI/CD support; ...
SecurityWeek

900 Sangoma FreePBX Instances Infected With Web Shells

Hackers exploited CVE-2025-64328, a FreePBX command injection vulnerability, to infect hundreds of instances with web shells.

When AI Systems Can Act, Prompt Injection Becomes A Security Risk

The moment an AI system can read internal systems, trigger workflows, move money, send emails, update records or approve actions, the risk profile changes.
SecurityWeek

New ‘Sandworm_Mode’ Supply Chain Attack Hits NPM

Hulud-like Sandworm_Mode supply chain attack targets NPM developers to steal secrets and poison AI assistants.