Using top-tier AI for simple tasks is draining corporate budgets. If you don't match the tool to the job, your most popular ...

TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.

A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to ...

Storm-2949 turned stolen credentials into a cloud-wide breach, moving from identity compromise to large-scale data theft ...

The hacker group TeamPCP uploaded two malicious versions of the popular Python library LiteLLM to PyPI. Using a previously compromised version of the vulnerability scanner Trivy, the attackers stole ...

The ChromaToast vulnerability can be exploited by forcing the ChromaDB API server to fetch and load maliciously crafted AI ...

There’s no denying the excitement around Model Context Protocol (MCP), an open protocol for connecting AI assistants with external data, tools, and APIs. Since its debut by Anthropic in late 2024, ...

The deal gives Anthropic tighter control over how developers connect Claude to software and business systems as AI vendors ...

Data is being stolen by a threat actor who is targeting Microsoft 365 and Azure production installations using assaults that ...

When (and why) does AI coding flip from promising to a security nightmare? Let's look under the coding hood.

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...