AI agent exploited Salesforce sites; 263 objects, 55 Apex methods exposed at one portal, leading to PII and file leaks.

With the rise of AI coding assistants continuing apparently unabated, some project maintainers have begun striking back. Ars Technica reports on projects putting hostile directions into the ...

The HTTP/2 Bomb exploit chains two known denial-of-service (DoS) attack techniques to knock major web servers offline.

Alongside Venmo, Cash App is among the most popular peer-to-peer payment platforms, though it does a whole lot more than just ...

Humanity Protocol's H token crashed more than 80% after attackers stole the private keys behind the project and drained more than $30 million, the latest in a year of crypto thefts that go after keys ...

The GitHub hack shows how one poisoned VS Code extension gave attackers access to 3,800 internal repositories. If you rely on third-party developer tools, this breach is a warning to audit your ...

Anthropic research shows AI agents can autonomously achieve millions of dollars in exploits. Attackers stole at least $36.7 ...

Weekly ThreatsDay recap: old bugs, fake tools, shady payload tricks, AI mishaps, and the usual reminder that the internet is ...

Markets sold off ahead of CPI. Crypto tax bills hit a wall in the House. And Morpho closed one of the biggest DeFi rounds in ...

Fake QR code scam: QR codes are everywhere – from restaurant menus and parking meters to payment apps, vegetable shops, and event tickets. But cybersecurity agencies and researchers are warning that ...

Earlier this week, hackers hijacked several open source projects used by dozens of companies and pushed updates designed to spread malware. This is the latest in a string of recent supply-chain ...

Security researchers are warning of an issue with the default HTTP/2 configuration used by major web servers which reportedly survived more than a decade of human review before showing up in ...