A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...

Cybersecurity researchers create a five-step exploit chain using over-permissioned roles, secrets discovery, and NHIs to attack a popular low-code service.

A recent Stack Overflow survey found that more than 84% of developers are already using or planning to use AI tools in their workflow. After trying OpenAI Codex for myself, I understand why. Like many ...

Massive regional C2 footprint More than 1.3K C2 Servers Discovered in the Middle East Hunt.io said it identified more than ...

FROST exploits the Origin Private File System (OPFS), a browser API that lets websites create and store files on a user's local disk.

Two months after Rapid7 discovered the hole in the Git service, the project maintainer has yet to patch the bug.

Anthropic has announced two new security features for its Claude AI: a self-hosted sandbox and a new security guidance plugin ...

Over a six-week stretch in spring 2026, OpenAI rebuilt what its Codex product actually is. On April 16, the company released a major Codex update titled “Codex for (almost) everything,” ...

I built a coding tutor that won't let me cheat my way through it. Here's the prompt.

A critical Adobe Acrobat zero-day has been exploited for months via malicious PDFs to steal data and potentially take over systems, with no patch yet available. Attackers have been exploiting a ...

Web infrastructure giant Cloudflare is seeking to transform the way enterprises deploy AI agents with the open beta release of Dynamic Workers, a new lightweight, isolate-based sandboxing system that ...

Google has pushed out an emergency Chrome update to fix two previously unknown vulnerabilities that attackers were already exploiting before the patches landed. The bugs, tracked as CVE-2026-3909 and ...