For more than a year, a self-propagating worm rode VS Code extensions, npm packages, and stolen developer credentials through ...

Microsoft’s Agent Governance Toolkit brings runtime policy enforcement to autonomous agents, based on the OWASP top 10 agent ...

Researchers who found the bug warn that its Moderate rating understates a threat reaching across LLM gateways, MCP servers ...

Millions of AI agents and tools around the world have been imperiled by a critical vulnerability that can allow hackers to ...

GGUF parser vulnerabilities disclosed May 15, 2026 include a critical integer overflow that lets any malicious model file trigger arbitrary memory reads — affecting Ollama, LM Studio, and every local ...

TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.

Google has introduced Middleware for Genkit, its open-source framework for building AI-powered and agentic applications. The ...

Stolen credentials produced valid Sigstore certificates, clearing 633 malicious npm packages — one of seven developer tool ...

GitHub has said it found about 3,800 internal repositories accessed in the breach and stressed that these contained its own code rather than customer projects. The ...

GitHub CISO Alexis Wales confirmed Thursday that a poisoned build of the Nx Console Visual Studio Code extension — live on ...

The ChromaToast vulnerability can be exploited by forcing the ChromaDB API server to fetch and load maliciously crafted AI ...

CNCF graduation, Microsoft tooling updates and cloud-provider support show broader OpenTelemetry adoption across developer platforms.