Self-propagating npm worm steals tokens via postinstall hooks, impacting six packages and expanding supply chain attacks.

Toxic combinations form when AI agents, integrations, or OAuth grants bridge SaaS apps into trust relationships no single ...

Vercel breached after attacker compromised Context.ai, hijacked an employee's Google Workspace via OAuth, and accessed ...

Check Point researchers have found that popular AI coding assistants are unintentionally leaking sensitive internal data, ...

A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts.

A Vercel employee's AI tool OAuth grant gave attackers access to internal systems via a four-hop kill chain. Here's what ...

As AI tokens emerge as a new commodity, China's cost advantage is reshaping global model competition, though monetisation ...

A Linux variant of the GoGra backdoor uses legitimate Microsoft infrastructure, relying on an Outlook inbox for stealthy ...

Patching is not enough: applications embedding the insecure library will need to be rebuilt, and affected tokens and cookies expired. Developers are advised to check their applications after Microsoft ...

Microsoft released an emergency patch for its ASP.NET Core to fix a high-severity vulnerability that allows unauthenticated ...

A prompt injection attack hit Claude Code, Gemini CLI, and Copilot simultaneously. Here's what all three system cards reveal ...

GeckoTerminal is a decentralized exchange (DEX) aggregator and advanced price charting tool for cryptocurrency traders, ...