Python scripts were used to test malware against endpoint detection and response agents from Sophos, CrowdStrike, and Windows Defender.
Attackers are using AI to dramatically reduce the time they need to develop a working exploit for a CVE, according to new research.
High-autonomy agents with broad permissions and unfettered access are a recipe for disaster, and enterprises need to act now before they become the ne…
AI agents aren't black boxes — they're models interacting with software tools. The risk lies in their overlap.
SharePoint access often means access to the keys of the kingdom, something attackers and defenders understand all too well.
A security researcher discovered the API keys can still be used for up to 23 minutes after deletion, even though the cloud provider claims deletion is…
GitHub confirmed a data breach this week involving the theft of thousands of developer code repositories. One threat actor — TeamPCP — took credit.
Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come under active exploitation …
A Nitrogen ransomware attack on Foxconn's North American facilities is one of 600 hits on manufacturers this year, as gangs increasingly target the se…
Malicious repositories can trigger code execution in Claude Code, Cursor CLI, Gemini CLI, and Copilot CLI with minimal or no user interaction, thanks …
Cyber adversaries have long used AI, but now attackers are using large language models to develop exploits and orchestrate complex attacks.
A proof-of-concept exploit (PoC) shows how someone with admin privileges can exploit the issue to steal passwords, and thus use them to engage in furt…
The issue isn't artificial intelligence, but rather an industry adding AI agent integrations into production environments before proper security testi…
Cisco found and fixed a significant vulnerability in the way Anthropic handles memories, but experts warn that mishandled memory files will continue t…
AI's danger isn't that it's creating new bugs, it's that it's amplifying old ones.
The prompt-injection vulnerability in the agentic AI product for filesystem operations was a sanitization issue that allowed for sandbox escape and ar…
Chained Bypasses Exfiltrate Data Via Hidden AI Prompts
Attackers can abuse the near-maximum severity flaw in nginx-ui to restart, create, modify, and delete NGINX configuration files.
In a new report from the Cloud Security Alliance (CSA), experts warn of an "AI vulnerability storm" triggered by the introduction of Anthropic's Claud…
Its Mythos Preview model, which can allegedly find and exploit critical zero-days, also comes with certain controls, the vendor said.