Cybersecurity, AI safety, threat detection, and privacy in the age of AI.
43 articles
An AI agent discovered 21 previously unknown vulnerabilities in FFmpeg, a widely used open-source multimedia framework. This development highlights the power of AI in automated cybersecurity and vulnerability detection.
This article explains how a self-replicating malware called the Miasma worm attacked Microsoft's GitHub repositories, highlighting the dangers of supply chain attacks in software development.
A simple GitHub issue could have compromised Anthropic’s Claude Code action, exposing projects that use it to potential data breaches and unauthorized access.
A popular npm package with 29,000 weekly downloads has been silently stealing OpenAI API tokens for a month, raising concerns about supply chain security.
Dozens of Red Hat packages were compromised through the official npm channel, with malicious backdoors embedded in the code. Anyone who has downloaded these packages should investigate immediately.
Cybercriminals are exploiting shared chat features in ChatGPT and Claude to distribute malware, disguising malicious content within trusted domains.
A developer has revealed how a malicious code addition in the popular Java library jqwik could have instructed AI coding agents to delete application output, highlighting serious security vulnerabilities in AI-assisted development.
Iranian hackers targeted LA Metro's rail-yard control systems in March, according to Israeli cybersecurity firm Gambit Security. The breach exposed 700 gigabytes of sensitive data and highlights growing concerns over critical infrastructure vulnerabilities.
This article explains how AI-driven credential governance works to protect enterprise security, moving beyond traditional password management to dynamic, intelligent access control systems.
This explainer explores Bumblebee, a read-only supply-chain scanner open-sourced by Perplexity, designed to inventory developer endpoints without executing code, mitigating risks in software supply chains.
A hacker group called TeamPCP is systematically poisoning open source code repositories at an unprecedented scale, with GitHub being the latest victim of their supply chain attacks.
CISA credentials were found exposed on GitHub since November 2025, raising serious security concerns. The breach included SSH keys and plaintext passwords that could compromise critical infrastructure systems.