Worrying open-source security issue 'BadHost' could affect millions of AI agents, experts warn

The risk is "materially understated", researchers are saying as passwords and critical data can be exfiltrated.
Microsoft

How Storm-2949 turned a compromised identity into a cloud-wide breach

Storm-2949 turned stolen credentials into a cloud-wide breach, moving from identity compromise to large-scale data theft ...
InfoWorld

An open-source toolkit for controlling out-of-control AI agents

Microsoft’s Agent Governance Toolkit brings runtime policy enforcement to autonomous agents, based on the OWASP top 10 agent ...
Microsoft

From edge appliance to enterprise compromise: Multi-stage Linux intrusion via F5 and Confluence

A multi-stage attack on Linux devices began with an exposed F5 BIG-IP edge appliance and pivoted to an internal Confluence ...

Google blocked the first known AI-powered attack on 2FA accounts; here is how hackers tried to break in, know how to stay safe

Foreign hackers attempted a novel AI-powered cyberattack targeting two-factor authentication using a zero-day exploit. Google's Threat Intelligence Group detected and thwarted this sophisticated plot, ...
Dark Reading

For Enterprises, Security Remains Agentic AI's Biggest Challenge

Every company may need an agentic AI strategy, but the tools to allow frameworks such as OpenClaw to be securely used have ...

A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations.

Alibaba's Metis agent cuts redundant AI tool calls from 98% to 2% — and gets more accurate doing it

Alibaba's HDPO framework trains AI agents to skip unnecessary tool calls, cutting redundant invocations from 98% to 2% while boosting reasoning accuracy.

The Silent Heist: How the ‘TrapDoor’ Campaign is Hijacking Crypto and AI Developers

The security platform Socket has recently discovered an enormous worldwide malware operation that has been dubbed "TrapDoor".
Virtualization Review

Google I/O '26 Fills Out Enterprise Agent Stack with Managed Agents, ADK 2.0

Google followed its Cloud Next '26 Gemini Enterprise Agent Platform rollout and its Antigravity CLI transition with a broader I/O 2026 agent-development stack spanning Agent Studio, Managed Agents API ...
Observer Today

Duo receives SUNY Chancellor’s Award

Impressive academic credentials and campus engagement are traits shared by the State University of New York at Fredonia’s ...