The supply chain attack on third-party library Axios has forced OpenAI to revoke its code-signing certificate and require ...

Hackers are exploiting a maximum-severity vulnerability, tracked as CVE-2025-59528, in the open-source platform Flowise for ...

“Traditional security focused on obvious malicious inputs. With AI, attacks can be hidden in natural language, embedded in ...

Threat actors can use malicious web content to set up AI Agent Traps and manipulate, deceive, and exploit visiting autonomous ...

This week, a "Raccoon"-linked actor hit help desks, Eurail exposed 308K users, Fortinet patched critical flaws, Pushpaganda ...

It's not even your browser's fault.

An attacker purchased 30+ WordPress plugins on Flippa, planted backdoors that lay dormant for eight months, then activated ...

Flowise AI platform carried CVSS-10 arbitrary code flaw Vulnerability in CustomMCP node exploited in the wild Up to 15,000 ...

A new report, The State of Biometric Security in the Age of AI Fraud, from Aware, Inc. (NASDAQ: AWRE), a global leader ...

A Grafana AI flaw enables zero-click data exfiltration by hiding malicious prompts in URLs, said a Noma Security report.

Up to four npm packages on Axios were replaced with malicious versions, in one of the most sophisticated supply chain attacks.

A North Korea-nexus threat actor compromised the widely used axios npm package, delivering a cross-platform remote access trojan to potentially millions of developer environments during a three-hour ...