Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...

Data incidents have become so common that you may be tempted to throw away notification letters. Don’t do that, experts say.

An SQL injection vulnerability in Ally, a WordPress plugin from Elementor for web accessibility and usability with more than 400,000 installations, could be exploited to steal sensitive data without ...

AI-powered bot hackerbot-claw exploited GitHub Actions workflows across Microsoft, DataDog, and CNCF projects over 7 days using 5 attack techniques. Bot achieved RCE in 5 of 7 targets, stole GitHub ...

Tenable Research revealed "LeakyLooker," a set of nine novel cross-tenant vulnerabilities in Google Looker Studio. These flaws could have let attackers exfiltrate or modify data across Google services ...

First of four parts Before we can understand how attackers exploit large language models, we need to understand how these models work. This first article in our four-part series on prompt injections ...

When Anthropic launched the Model Context Protocol (MCP) in 2024, the idea was simple but powerful – a universal “USB-C” for ...

The U.S. homeland is out of range of military strikes, but state and local governments could see cyber attacks, cloud service disruptions and rising supply costs.

A practical MCP security benchmark for 2026: scoring model, risk map, and a 90-day hardening plan to prevent prompt injection, secret leakage, and permission abuse.

SafeLine self-hosted WAF blocks SaaS bot abuse with 99.45% accuracy, cutting fake sign-ups and stabilizing CPU usage.

Developer-first security tool blocks AI manipulation attacks in under 100 milliseconds with a single API call Our goal ...

AI-assisted development accelerates software delivery but expands the threat surface. From prompt injection and malicious MCP servers to AI-generated code flaws and ...