An open WP-SHELLSTORM server exposed tools, logs, and target lists naming 1.4 million sites, with researchers validating ...
A Russian-speaking threat actor known as "bandcampro" used Google's open-source Gemini CLI AI tool as a hacking agent and to ...
A PNG hiding a prompt injection could steal your repo's secrets, researchers demonstrate. The technique, dubbed 'Ghostcommit, ...
AI Now’s Friendly Fire PoC shows Claude Code and Codex running README-planted payloads on hosts when autonomous command ...
The FBI warned that TeamPCP software supply chain attacks targeted developer tools to steal cloud credentials, SSH keys, and ...
Attackers are actively exploiting path traversal and SQL injection in Langflow, LangGraph, and LangChain — below where your security tools look.
Omp (oh-my-pi) is a batteries-included terminal coding agent with LSP, debugger, subagents and hash-anchored edits. Here's ...
Discover how the Rogue Agent vulnerability in Google Dialogflow CX enabled persistent AI agent compromise, data exfiltration, ...
Attackers exploited Langflow vulnerability CVE-2025-3248 to conduct an agentic AI-powered ransomware attack involving reconnaissance, credential theft, and lateral movement.
A coding LLM doesn't care whether you code, just whether your input has rules ...
Citrix NetScaler received patches for another memory leak vulnerability similar to CitrixBleed, as well as memory overflow, file read and denial-of-service issues ...
JadePuffer, a ransomware operation, used an AI agent to carry out much of the intrusion chain from reconnaissance, key theft, ...