JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.

If reinstalling software feels repetitive, these tools have some ideas.

Three LiteLLM flaws let low-privilege users gain admin access and run code, exposing AI keys, secrets, prompts, and responses ...

A malicious npm package has been caught impersonating one of the JavaScript ecosystem's most widely used build tools. The ...

Attackers are actively exploiting path traversal and SQL injection in Langflow, LangGraph, and LangChain — below where your ...

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...

Microsoft released MAI-Code, a model designed to convert plain-English descriptions into functional application code, pushing ...

Anthropic's Mythos Preview was highly effective at finding vulnerability candidates, especially when analyzing source code.

A reverse shell makes the target machine initiate the connection back to the attacker, bypassing firewalls that only filter ...

TL;DR Introduction At the start of this year, I wrote a blog on how 2025 was the ‘year of the infostealer’, and it doesn’t ...

Detection and analysis tools for the atomic-lockfile supply-chain attack on the Arch User Repository (AUR). This is a collection of all the scattered resources, especially the ones in the detection ...

CI/CD pipelines are optimized for code deployments. Long-running operational processes and self-service workflows can be ...