Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel ...

Kimi Work lets an AI agent loose on your local files, your browser, and your schedule—without routing everything through the ...

Dozens of cryptographically verified open source packages from Microsoft were compromised late last week to add advanced credential-stealing code that was triggered when developers opened them in AI ...

VentureBeat surveyed 132 enterprise AI leaders: the production failure point isn't the model — it's the runtime layer most ...

Anthropic's Mythos Preview was highly effective at finding vulnerability candidates, especially when analyzing source code.

As companies adopt AI, many insurance firms are explicitly excluding AI risks, while others are forging ahead to create the ...

With over 2.2 billion installs, the flawed Python package offers attackers a huge blast radius, including silent access to ...

I ditched my terminal for Claude's built-in code executor, and I'm not going back.

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP, simultaneously compromised Microsoft's durabletask Python ...

The attacks stemmed from a GitHub account that was also compromised in a previous Miasma attack on Microsoft last month.