Attackers are actively exploiting CVE-2026-5027, a high-severity path traversal vulnerability in the AI development platform Langflow, to write arbitrary files on exposed servers. Langflow is an ...

Research by AppSec biz Checkmarx finds that 70 percent of developers believe AI-generated code has more vulnerabilities, and ...

AI agent exploited Salesforce sites; 263 objects, 55 Apex methods exposed at one portal, leading to PII and file leaks.

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...

CISA added CVE-2026-42271, a high-severity LiteLLM command injection flaw, to its KEV catalog after evidence of active ...

Users probe backup failures find Claude-assisted commits. Veteran engineer retorts: 'I did not just vibe-code 'convert test ...

Build 2026 runs from June 2-3 in San Francisco. Here's what Microsoft is expected to announce for GitHub Copilot, Azure AI ...

AI vs AI cybersecurity arrived in documented form on May 10, when an LLM agent drove a four-pivot intrusion to database exfiltration in under an hour with no human direction. CrowdStrike data puts ...

Millions of AI agents and tools around the world have been imperiled by a critical vulnerability that can allow hackers to breach the servers running them and make off with sensitive data and ...

The OWASP-backed tool scans JavaScript and TypeScript lockfiles locally, aiming to help developers catch and remediate dependency risks before CI failures.

Developer platform Socket says a malware called TrapDoor is targeting crypto and AI developers across npm, PyPI and Crates, aiming to steal crypto wallet info and browser data.

Malicious Visual Studio Code extension compromised GitHub employee workstation, enabling unauthorized access. Hacking collective TeamPCP takes credit, claiming exposure of 3,800 GitHub internal ...