Check Point researchers have found that popular AI coding assistants are unintentionally leaking sensitive internal data, ...

Attackers published a malicious command-line version of the popular open-source password manager to the npm registry and may ...

Three supply chain attacks hit npm, PyPI, and Docker Hub between April 21–23, 2026. All three targeted secrets: API keys, cloud credentials, SSH keys, and tokens from developer environments and CI/CD ...

OpenAI has released Privacy Filter: a small, free model that masks sensitive info before you paste it into an AI chatbot.

Every secure API draws a line between code and data. HTTP separates headers from bodies. SQL has prepared statements. Even email distinguishes the envelope from the message. The Model Context Protocol ...

This pattern has become increasingly common as the digital hypemeisters tell businesses to use AI to do all the things, especially when it comes to detecting and blocking security issues. That is – ...

OpenAI releases 'Privacy Filter,' an open-weight model designed to detect and redact sensitive PII locally. Enhance data ...

Lovable's API exposed source code and database credentials for 48 days after the company closed a bug report. Up to 62% of AI ...

A Vercel employee's AI tool OAuth grant gave attackers access to internal systems via a four-hop kill chain. Here's what ...

In February 2026, Tencent tore down its pre-training and reinforcement-learning infrastructure and rebuilt both from scratch.

In a structural departure from AI assistant add-ons, new agent architecture gives AI peers the same roles, permissions, ...

Yet Anthropic's Claude Desktop for macOS installs files that affect other vendors' applications without disclosure, even before those applications have been installed, and authorizes browser ...