A flaw in Hugging Face Transformers could allow malicious AI models to execute code, exposing credentials and highlighting AI supply chain risks.
Agentic coding tools vulnerable to command execution via DNS records ...
What actually changed wasn't automation.
Kaspersky says the attacks use phishing, GitHub-hosted payloads, CVE-2025-9491 LNK abuse, and Go2Tunnel-based tunneling.
Armored Likho BusySnake Stealer, a Python-based infostealer first disclosed by Kaspersky, is actively targeting government ...
Armored Likho, a new APT group using AI-generated malware and the BusySnake Stealer to target government agencies and power ...
JFrog says six malicious npm packages used hidden install-time execution, JSONKeeper fetches, and sandbox checks to enable remote access.
Lazarus Group concealed a four-module remote access toolkit inside six fake npm Rollup polyfill packages that fired at import ...
An anonymous researcher has dumped what they say is working exploit code for zero-day vulnerabilities across 15 software ...
Switchzilla amid reports of new serious vulnerabilities under attack. First up is a server-side request forgery bug in its Unified Communications Manager tracked as CVE-2026-20230. Cisco disclosed and ...
Lapse… so does this $25 Raspberry Pi Zero! Tiny, lightweight, and incredibly versatile. Mount it anywhere—from rooftops to ...
Microsoft GitHub hack hit open-source AI tools, exposing developer passwords and cloud credentials. Here’s why SA tech teams should care.