In other news, a DHS database was hacked, Adobe is releasing patches twice a month, and Canada has disrupted ransomware operations.
A new attack technique dubbed HalluSquatting turns AI assistants’ tendency to hallucinate into a scalable infection vector.
According to Socket, malicious payment SDK packages on npm and PyPI are harvesting developer credentials and CI/CD ...
Malicious packages on the Node Package Manager (npm) and the Python Package Index (PyPI) delivered stealer malware to ...
A prompt injection attack can trick GitHub’s preview Agentic Workflows into retrieving content from private repositories and ...
Sysdig says JADEPUFFER used CVE-2025-3248 in Langflow to automate intrusion, credential theft, encryption, and data wipe.
Multiple weaponized proof-of-concept (PoC) exploits on GitHub delivered a Python-based remote access trojan (RAT) called ChocoPoC that can execute commands and steal sensitive data. However, ChocoPoC ...
OpenAI launches Patch the Planet to help open-source maintainers find, validate and fix software bugs with AI and human review.
TensorFlow Probability is a library for probabilistic reasoning and statistical analysis in TensorFlow. As part of the TensorFlow ecosystem, TensorFlow Probability provides integration of ...
Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...