GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...
Stolen credentials produced valid Sigstore certificates, clearing 633 malicious npm packages — one of seven developer tool ...
A threat actor targeting Microsoft 365 and Azure production environments is stealing data in attacks that abuse legitimate ...
GGUF parser vulnerabilities disclosed May 15, 2026 include a critical integer overflow that lets any malicious model file trigger arbitrary memory reads — affecting Ollama, LM Studio, and every local ...
Millions of AI agents and tools around the world have been imperiled by a critical vulnerability that can allow hackers to ...
Microsoft uncovered 150+ AI-assisted cryptojacking domains using fake software downloads to deploy persistent malware.
Most AI coding benchmarks still ask the question: did the agent produce code that passes the current tests? This is a useful ...
Vibe coding in the enterprise is a recipe for a hangover; if you use AI to generate code without first extracting the specs, you’re just automating technical debt.
A fresh Mini Shai-Hulud supply chain attack has hit over 320 NPM packages, along with GitHub Actions and a VS Code extension.
Writing code that interacts with LLM services requires bridging two different worlds. Use these tips and techniques to bind ...
Google says attackers are using AI for zero-day research, malware development, reconnaissance, and access to premium AI tools.