Supply chain attacks with a Dune sci-fi saga branding continue to spread across the open-source ecosystem, with a Microsoft ...

Hulud payload to steal CI/CD secrets from Linux-based automation environments. The malware executes during npm install and ...

Sometime around the last week of May 2026, attackers uploaded poisoned packages to three of the most widely used software ...

The hacker group TeamPCP uploaded two malicious versions of the popular Python library LiteLLM to PyPI. Using a previously compromised version of the vulnerability scanner Trivy, the attackers stole ...

Then imagine it replying: "Sorry, the website won't let me in." That's the quiet failure mode behind most AI agents today.

Google's GTIG identified the first zero-day exploit developed with AI and stopped a mass exploitation event. The report documents state actors using AI for vulnerability research and autonomous ...

An attacker poisoned 84 TanStack npm versions across 42 packages, stealing GitHub OIDC tokens and cloud keys while planting a ...

Over 170 TanStack, Mistral AI, OpenSearch, UiPath, and other packages were affected in a new Mini Shai-Hulud supply chain ...

Google says attackers are using AI for zero-day research, malware development, reconnaissance, and access to premium AI tools ...

TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...

Whether you want simple fire-and-forget alerts or full two-way control, here's how to securely wire your AI agent into Slack.

Google identified the first malicious AI use for a zero-day 2FA bypass in an open-source admin tool, accelerating threat ...