Over 750,000 websites require patching following discovery of DotNetNuke XSS vulnerability ...
CVE-2026-42208 exploited within 36 hours of disclosure, exposing LiteLLM credentials, risking cloud account compromise.
ThreatDown’s EDR team discovered a sophisticated, multi-stage attack chain during an active investigation; the first documented case of attackers abusing the Deno runtime as a malware execution ...
A new wave of the Glassworm campaign is targeting the OpenVSX ecosystem with 73 "sleeper" extensions that turn malicious ...
Google's security team scanned billions of web pages and found real payloads designed to trick AI agents into sending money, ...
Abstract: While NoSQL databases continue to enjoy an ever-growing popularity, NoSQL security is yet to receive the attention from the industry or academia it deserves, according to recent studies.
The Bitwarden CLI NPM package compromise is tied to a Checkmarx supply chain attack and references the Shai-Hulud worm.
Researchers say a prompt injection bug in Google's Antigravity AI coding tool could have let attackers run commands, despite ...
The supply chain attack on third-party library Axios has forced OpenAI to revoke its code-signing certificate and require ...
Everyone knows deepfakes are a massive problem for financial services. The 2024 case of the deepfake video call that cost a company in Hong Kong 25 million dollars is approaching the status of legend.
Security leaders must adapt large language model controls such as input validation, output filtering and least-privilege access for artificial intelligence systems to prevent prompt injection attacks.
Dutch healthcare software vendor ChipSoft has been impacted by a ransomware attack that forced the company to take offline its website and digital services for patients and healthcare providers.