JFrog says six malicious npm packages used hidden install-time execution, JSONKeeper fetches, and sandbox checks to enable remote access.
MG iSMART is the connectivity system in your MG car (MG5, MG4, ZS...). The implementation is based on the findings from the SAIC-iSmart-API Documentation project. --saic-phone-country-code ...
SentinelOne details Gaslight, a Rust-based macOS implant linked to North Korea-aligned actors that uses prompt injection to ...
With the advent of AI-mediated APIs, the era of manually hard-coding every integration between every microservice may be ...
Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...
GitHub confirmed on May 20 that a poisoned VS Code extension installed on an employee’s device gave attackers access to roughly 3,800 internal repositories at the Microsoft-owned code storage and ...
A malicious version of the PyTorch Lightning package published on the Python Package Index (PyPI) delivers a credential-stealing payload targeting browsers, environment files, and cloud services. The ...
The popular Telnyx Python SDK is the latest victim of TeamPCP’s weeks-long supply chain campaign targeting the broad open source software ecosystem. The campaign started on March 19 with Aqua Security ...
In early 2025, CISA added CVE-2025-3248 to their Known Exploited Vulnerabilities catalog. It was an unauthenticated remote code execution bug in Langflow, the popular open-source AI workflow builder ...
The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package on PyPI and claiming to have stolen data from hundreds of thousands of ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results