The malicious version of Cline's npm package — 2.3.0 — was downloaded more than 4,000 times before it was removed.
Self-hosted agents execute code with durable credentials and process untrusted input. This creates dual supply chain risk, ...
Apple's camera and microphone indicators are supposed to tell iPhone users when the microphone or camera is on, but after a device is fully compromised with kernel-level access by another hack, ...
Threat actors are targeting technology, manufacturing, and financial organizations in campaigns that combine device code phishing and voice phishing (vishing) to abuse the OAuth 2.0 Device ...
Without a shared mental model of what an agent is, people can’t decompose it. And if it can’t be decomposed, security can’t be designed around it. The disasters make headlines. More commonly, though, ...
It lives on your devices, works 24/7, makes its own decisions, and has access to your most sensitive files. Think twice before setting OpenClaw loose on your system.
Enkrypt AI introduces open-source protection for the AI development supply chain, securing coding assistant Skills ...
Earlier this month, the now viral social network Moltbook exposed 1.5 million API authentication tokens and 35,000 email addresses within days of launch. The cause: a single misconfigured database ...
The vulnerability of the “connective tissue” of the AI ecosystem — the Model Context Protocol and other tools that let AI agents communicate — “has created a vast and often unmonitored attack surface” ...
AI tools are fundamentally changing software development. Investing in foundational knowledge and deep expertise secures your ...
Security leaders have long said that governance is a security function, not just a compliance task. With agentic AI, this is ...