JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.

If reinstalling software feels repetitive, these tools have some ideas.

Three LiteLLM flaws let low-privilege users gain admin access and run code, exposing AI keys, secrets, prompts, and responses ...

Attackers are actively exploiting path traversal and SQL injection in Langflow, LangGraph, and LangChain — below where your ...

Microsoft released MAI-Code, a model designed to convert plain-English descriptions into functional application code, pushing ...

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...

A reverse shell makes the target machine initiate the connection back to the attacker, bypassing firewalls that only filter ...

Surface RTX Spark Dev Box is a compact, small-form-factor desktop PC that is built specifically for developers and data ...

A malicious npm package has been caught impersonating one of the JavaScript ecosystem's most widely used build tools. The ...

Detection and analysis tools for the atomic-lockfile supply-chain attack on the Arch User Repository (AUR). This is a collection of all the scattered resources, especially the ones in the detection ...

CI/CD pipelines are optimized for code deployments. Long-running operational processes and self-service workflows can be ...

A three-CVE chain lets any default LiteLLM user escalate to admin and get a shell on the gateway server. A separate RCE is ...