Research by AppSec biz Checkmarx finds that 70 percent of developers believe AI-generated code has more vulnerabilities, and ...

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...

CISA added CVE-2026-42271, a high-severity LiteLLM command injection flaw, to its KEV catalog after evidence of active ...

AI agent exploited Salesforce sites; 263 objects, 55 Apex methods exposed at one portal, leading to PII and file leaks.

Anthropic's Mythos Preview was highly effective at finding vulnerability candidates, especially when analyzing source code.

Threat actors have struck the software supply chain yet again, this time hitting the Python Package Index (PyPI) with Mini Shai-Hulud in an attempt to spread poisoned code. In the latest campaign, ...

Dozens of cryptographically verified open source packages from Microsoft were compromised late last week to add advanced credential-stealing code that was triggered when developers opened them in AI ...

You might, for example, innocently instruct an AI agent to summarise a thousand-page external document, cross-reference its ...

A new variant of the Gafgyt botnet called C0XMO is targeting DD-WRT router firmware and can move to other device types with ...

The second point of emerging consensus is that a fundamental remaking of that order has become essential. The American role in preserving the old order had become counterproductive and unsustainable, ...

AID, launched under the Linux Foundation, lets AI agents find each other through existing DNS infrastructure using SVCB ...

To stop this from spiraling, Anthropic calls for a verifiable, industry-wide pause—a kind of AI arms-control treaty—because ...