Threat actors compromised AsyncAPI packages and weaponized trusted CI/CD workflows to distribute malware through npm. This ...
AI agent security now has a purpose-built open-source guardrail: Ant Group released SingGuard-NSFA, a free framework that catches prompt injection and credential-theft patterns before AI agents ...
Indirect prompt injection attacks are now draining cryptocurrency from AI agents in production. Zscaler ThreatLabz documented ...
According to Socket, malicious payment SDK packages on npm and PyPI are harvesting developer credentials and CI/CD ...
Most widely cited AI coding benchmarks, including the original SWE-bench, were built primarily around Python repositories, meaning headline performance results may not accurately predict how coding ag ...
Zscaler found attackers using SEO poisoning and hidden prompts in malicious websites to manipulate AI agents into making cryptocurrency payments.
The Hacker News is the top cybersecurity news platform, delivering real-time updates, threat intelligence, data breach ...
AI success depends on whether enterprise data is ready, reachable, and close enough to the workloads that need it. In this eSpeaks episode, Dell Technologies’ Vrashank Jain explains why fragmented ...
A critical vulnerability in Starlette, the open-source Python framework that powers an enormous chunk of the internet’s backend infrastructure, has put millions of AI agents and tools at risk of being ...
Hundreds of packages across npm and PyPI have been compromised in a new Shai-Hulud supply-chain campaign delivering credential-stealing malware targeting developers. The attacker hijacked valid OpenID ...
A North Korean APT has crafted malicious software packages to appeal to AI coding agents, while ‘slopsquatting’ shows the security risks of hallucinated dependencies. Attackers too are looking to cash ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results