The malicious version of Cline's npm package — 2.3.0 — was downloaded more than 4,000 times before it was removed.
Self-hosted agents execute code with durable credentials and process untrusted input. This creates dual supply chain risk, ...
API security has been a growing concern for years. However, while it was always seen as important, it often came second to application security or hardening infrastructure. In 2025, the picture ...
CISA ordered federal agencies on Thursday to secure their systems against a critical Microsoft Configuration Manager ...
ChatGPT's new Lockdown Mode can stop prompt injection - here's how it works ...
Apple's camera and microphone indicators are supposed to tell iPhone users when the microphone or camera are on, but after a device is fully compromised with kernel-level access by another hack, ...
"From an AI research perspective, this is nothing novel," one expert told TechCrunch.
A viral AI caricature trend may be exposing sensitive enterprise data, fueling shadow AI risks, social engineering attacks, ...
Modern PDF platforms can now function as full attack gateways rather than passive document viewers.
Threat actors are targeting technology, manufacturing, and financial organizations in campaigns that combine device code phishing and voice phishing (vishing) to abuse the OAuth 2.0 Device ...
Why an overlooked data entry point is creating outsized cyber risk and compliance exposure for financial institutions.
Without a shared mental model of what an agent is, people can’t decompose it. And if it can’t be decomposed, security can’t be designed around it. The disasters make headlines. More commonly, though, ...