Max-severity flaw in ChromaDB for AI apps allows server hijacking

A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to ...
InfoWorld

Anthropic acquires Stainless to strengthen Claude’s developer tooling

The deal gives Anthropic tighter control over how developers connect Claude to software and business systems as AI vendors ...

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...
InfoWorld

9 application security startups combating AI risks

AI is collapsing the security boundaries between code, pipeline, and runtime. These startups are racing to fill the gaps.
Microsoft

How Storm-2949 turned a compromised identity into a cloud-wide breach

Storm-2949 turned stolen credentials into a cloud-wide breach, moving from identity compromise to large-scale data theft ...
Ventureburn

5 Quant Trading Tools With AI Automation for Beginners in 2026

Quant trading tools are becoming more accessible in 2026, although trading risk remains. AI trading bots are generally used ...

Microsoft Self-Service Password Reset abused in Azure data theft attacks

A threat actor targeting Microsoft 365 and Azure production environments is stealing data in attacks that abuse legitimate ...
Virtualization Review

Google I/O '26 Fills Out Enterprise Agent Stack with Managed Agents, ADK 2.0

Google followed its Cloud Next '26 Gemini Enterprise Agent Platform rollout and its Antigravity CLI transition with a broader I/O 2026 agent-development stack spanning Agent Studio, Managed Agents API ...

Forcepoint details TeamPCP supply chain attack that turned LiteLLM into a credential stealer

A new report out today from cybersecurity company Forcepoint LLC’s X-Labs research team details a supply chain attack that ...
Tech Times

GitHub CISO Names Nx Console as Root of 3,800-Repo Breach: OpenAI, Grafana Also Hit

GitHub CISO Alexis Wales confirmed Thursday that a poisoned build of the Nx Console Visual Studio Code extension — live on ...

OpenAI And 1Password Bring Agentic Security To Codex

OpenAI and 1Password unveil a partnership that will provide Codex with secure access to credentials as part of new approach ...

Four AI supply-chain attacks in 50 days exposed the release pipeline red teams aren't covering

Four supply-chain attacks hit OpenAI, Anthropic, and Meta in 50 days — none inside the model. A 7-row matrix maps what AI ...