TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.

A multi-stage attack on Linux devices began with an exposed F5 BIG-IP edge appliance and pivoted to an internal Confluence ...

A new report out today from cybersecurity company Forcepoint LLC’s X-Labs research team details a supply chain attack that ...

A GitHub employee installed a routine VS Code extension update, handed cybercrime group TeamPCP enough access to exfiltrate ...

The repository reached the #1 trending position on Hugging Face within 18 hours, highlighting how public AI repositories are ...

GitHub confirms breach of 3,800 internal repos after employee installs poisoned VS Code extension - SiliconANGLE ...

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations.

On May 11, the same day Google's Threat Intelligence Group disclosed the first confirmed case of attackers using AI to build ...

The 2FA bypass exploit stemmed from a faulty trust assumption, providing evidence of AI reasoning that can discover ...

Attackers are realizing that instead of hacking a hardened server, they can just trick one developer into installing a ...

Google's GTIG identified the first zero-day exploit developed with AI and stopped a mass exploitation event. The report documents state actors using AI for vulnerability research and autonomous ...

A cybercriminal group came close to launching a mass attack earlier this year, armed with a software exploit that an AI model ...