Mastra AI’s 144 JavaScript packages was executed in just 88 minutes by North Korea’s Sapphire Sleet hacking group, which ...

JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...

Google API keys aren't completely inactive after users delete them, giving attackers a small but significant window to continue abusing them. Joe Leon, researcher at Belgian startup Aikido Security, ...

Supported Releases: These releases have been certified by Bloomberg’s Enterprise Products team for use by Bloomberg customers. Experimental Releases: These releases have not yet been certified for use ...

A researcher claims an AI-assisted pipeline helped earn $500,000 in Google bug bounty payouts, raising API security and ...

Google upgrades Gemini 3.5 Flash with native computer use, enabling custom agents across browser, mobile & desktop plus new ...

Researchers found 15 malicious JetBrains plugins posing as AI coding tools that exfiltrate OpenAI, DeepSeek, and SiliconFlow ...

Google has accidentally leaked details about an unfixed issue in Chromium that keeps JavaScript running in the background even when the browser is closed, allowing remote code execution on the device.

GitHub’s Agent Finder uses ARD to support AI agent discovery across selected catalogues of tools, skills, MCP servers, and ...

Follow this section to personalize your feed and get instant alerts. WHY FOLLOW? Update your preferences in Account Settings Personalized Content Follow this tag to personalize your feed and get ...