Indirect prompt injection attacks are now draining cryptocurrency from AI agents in production. Zscaler ThreatLabz documented ...
New VentureBeat survey data: 69% of enterprises share AI agent credentials, letting one compromised agent inherit the access ...
Hackers compromised the Injective Labs SDK project's GitHub repository and used it to publish a malicious package on the Node ...
JFrog says six malicious npm packages used hidden install-time execution, JSONKeeper fetches, and sandbox checks to enable remote access.
The infostealer was delivered via CVE-2026-48558, a critical authentication bypass vulnerability in SimpleHelp.
Local LLMs are good enough for many tasks ...
Days after IBM and Red Hat announced a master security plan for open-source software, Red Hat suffers a major breach of its ...
Fake Claude Code install sites are pushing malware that steals API keys, developer credentials, crypto wallets, and other sensitive data. Developers searching for Claude Code installation instructions ...
Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor ...
Google API keys aren't completely inactive after users delete them, giving attackers a small but significant window to continue abusing them. Joe Leon, researcher at Belgian startup Aikido Security, ...
AI agents and custom AI-powered applications are rapidly becoming commonplace in production. But to implement them, engineering teams are connecting large language models (LLMs) to internal databases, ...
Alex has been a video game journalist since 2019. You can find her articles on IGN, Android Central, Windows Central, GameRant, and more. She has written on a variety of topics including PC gaming, ...