AI agent exploited Salesforce sites; 263 objects, 55 Apex methods exposed at one portal, leading to PII and file leaks.
With the rise of AI coding assistants continuing apparently unabated, some project maintainers have begun striking back. Ars Technica reports on projects putting hostile directions into the ...
I ditched my terminal for Claude's built-in code executor, and I'm not going back.
Microsoft Threat Intelligence identified a large-scale npm supply chain attack affecting 32 maliciously modified packages across more than 90 versions under the @redhat-cloud-services npm scope. The ...
Red Hat hit by npm supply-chain attack - here's how to stay safe ...
Cybersecurity researchers at Aikido Security have uncovered a malicious supply chain attack targeting OpenAI Codex developers via the npm package “codexui-android”. While the associated GitHub ...
Learn how Anthropic's dynamic workflows handle complex task orchestration and discover the best use cases to avoid high token ...
A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...
Cybersecurity researchers create a five-step exploit chain using over-permissioned roles, secrets discovery, and NHIs to attack a popular low-code service.
CISA, the US government agency whose entire job is keeping America’s critical infrastructure safe from hackers, has had a ...
Entraclaw is a Python MCP server that gives a device-local agent its own Entra Agent ID and an Agent User that has all the capabilities of a human user in a Microsoft tenant. It can have a Teams ...
CVSS v4.0 9.4 (CRITICAL) — CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N CVSS v3.1 9.1 (CRITICAL) — AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N ...