Three popular plugins served malicious JavaScript through a compromised CDN.

Tenet Security researchers reveal how new “agentjacking” attacks could trick coding agents into executing arbitrary code ...

Chrome's WebMCP guidance warns that AI agents can be manipulated through the tools they are built to trust.

This is probably the dictionary illustration for "deceptively simple." ...

Drupal is warning that hackers are attempting to exploit a "highly critical" SQL injection vulnerability announced earlier this week. The content management system (CMS) project published a PSA on May ...

Researchers at Cyera found six vulnerabilities in prtobuf.js, including a flaw that can turn attacker-controlled schema data ...

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel ...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a maximum-severity security flaw impacting Widget Factory Joomla Content Editor (JCE) to its Known Exploited ...

What if your AI coding assistant could be tricked into stealing your own company’s secrets – by reading a single ...

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...

With the rise of AI coding assistants continuing apparently unabated, some project maintainers have begun striking back. Ars Technica reports on projects putting hostile directions into the ...