JFrog says six malicious npm packages used hidden install-time execution, JSONKeeper fetches, and sandbox checks to enable remote access.
Anthropic launched Claude Sonnet 5 on June 30, 2026, with introductory API pricing at $2/$10 per million tokens and agentic ...
They're not bad; they're just prompted that way. Sysdig threat hunters documented what they say is the first-ever documented ...
OpenAI API costs can spiral when agents run wild. Here's how to set spend limits, enable hard caps, and avoid surprise AI ...
SentinelOne details Gaslight, a Rust-based macOS implant linked to North Korea-aligned actors that uses prompt injection to ...
ChatGPT Enterprise Slack integration gained write-scope connector actions on June 22 — joining channels, uploading files, ...
An attacker broke into competitive-intelligence vendor Klue, stole OAuth tokens its customers use to connect to Salesforce ...
AI agents are handed the keys to the kingdom but can't always be trusted.
Gravity SMTP WordPress vulnerability CVE-2026-4020 has drawn 17 million automated exploit attempts since May 2026, draining ...
Wordfence has blocked 17M+ exploit attempts targeting a Gravity SMTP bug that leaks API keys, OAuth tokens, and full system reports without authentication.
A researcher claims an AI-assisted pipeline helped earn $500,000 in Google bug bounty payouts, raising API security and access-control concerns.
Humanity Protocol’s H token plunged more than 80 percent after attackers stole private keys tied to the project and drained over $30 million from at least 17 wallets. The thief has been dumping stolen ...