Drupal critical update to fix bug with high exploitation risk
…Hackers used AI to develop zero-day exploit for web admin tool cPanel, WHM emergency update fixes critical auth bypass bug Critical cPanel and WHM bug exploited as a zero-day, PoC…
…The attack initially targeted packages from TanStack and Mistral AI before spreading to other projects, including UiPath, Guardrails AI, and OpenSearch, through stolen CI/CD credentials and legitimate workflows. Researchers from Socket…
…Langflow is an open-source visual platform for building AI applications, AI agents, Retrieval-Augmented Generation (RAG) systems, and MCP-based workflows using a drag-and-drop interface instead of traditional coding…
…This changes with a new AI-powered security feature. Apple says the built-in password app and Safari now use AI to "agentically" take action based on your behavior and secure your…
…The problem is rarely a lack of security tools, but inconsistent identity verification during high-pressure support interactions. Specialized solutions like Specops Secure Service Desk embed secure identity verification directly into helpdesk…
…For instance, last year, VSCode extensions with 9 million installs were pulled over security risks, and 10 more, posing as legitimate development tools, infected users with the XMRig cryptominer. Later in the…
…The topics he writes about include malware, vulnerabilities, exploits and security defenses, as well as research and innovation in information security. His work has been published by Bitdefender, Netgear, The Security Ledger…
…Researchers at security firm Varonis created an OpenClaw agent and connected it to a Gmail inbox, browser tools, Google Workspace APIs, and fabricated internal company data sources, instructing it to monitor and…
…Container Toolkit. Other successful attempts include k3vg3n chaining 3 bugs to take down LiteLLM ($40,000), Satoki Tsuji and haehae exploiting NVIDIA Megatron Bridge zero-days ($20,000), Compass Security and maitai…
…a trusted third-party AI tool and OAuth-connected SaaS access can create a wider security concern (even when the affected company says sensitive customer data and source code were not accessed…