CVE-2026-42208 exploited within 36 hours of disclosure, exposing LiteLLM credentials, risking cloud account compromise.

For decades, this type of no-skill hacker, known as a script kiddie, has wreaked havoc, running scripts they ripped from the ...

This was not a case of stolen credentials, but rather of vulnerability exploitation.

Note: This is the second of a two-part series on what 2026 holds in store for cybersecurity from both a technology and an executive management perspective. Today, we look at how resilience, executive ...

An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive ...

Self-propagating npm worm steals tokens via postinstall hooks, impacting six packages and expanding supply chain attacks.

Unsafe defaults in MCP configurations open servers to possible remote code execution, according to security researchers who ...

Hackers are exploiting a critical vulnerability in Marimo reactive Python notebook to deploy a new variant of NKAbuse malware ...

AI bug discovery is speeding up how software vulnerabilities are found, and in some cases turning them into working exploits ...

A single unauthenticated connection gives attackers a full shell; credential theft observed in under three minutes on honeypot servers.

Anthropic said it isn't releasing its newest model, Claude Mythos, due to cybersecurity misuse fears. Mythos can autonomously detect and exploit cybersecurity flaws at scale, Anthropic said.