OpenAI Launches Daybreak the Same Day Google Confirmed the First AI-Built Zero-Day Attack

On May 11, the same day Google's Threat Intelligence Group disclosed the first confirmed case of attackers using AI to build ...

Inside the GitHub Breach: The suspicious extension that exposed internal repositories and what went wrong

GitHub has contained a breach involving unauthorized access to thousands of internal repositories, allegedly linked to a ...

Forcepoint details TeamPCP supply chain attack that turned LiteLLM into a credential stealer

A new report out today from cybersecurity company Forcepoint LLC’s X-Labs research team details a supply chain attack that ...

Microsoft MDASH Beats A Key Mythos Benchmark. Here’s Why That Matters

Microsoft MDASH outperforms Mythos Preview on the CyberGym benchmark, demonstrating improved vulnerability discovery ...

Max-severity flaw in ChromaDB for AI apps allows server hijacking

A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to ...
Opinion
Security BoulevardOpinion

Advisories Are Now Exploit Specs. Act Accordingly.

The zero-day-to-n-day collapse is no longer theoretical, as demonstrated by CVE-2026-39987 in Marimo, which saw initial exploitation occur just nine hours and 41 minutes after disclosure without a ...
Decrypt

Shai-Hulud: What to Know About the Malware Spreading Through Software Pipelines

The Shai-Hulud supply-chain malware campaign is exploiting the automated systems developers trust to publish software safely.

Four AI supply-chain attacks in 50 days exposed the release pipeline red teams aren't covering

Four supply-chain attacks hit OpenAI, Anthropic, and Meta in 50 days — none inside the model. A 7-row matrix maps what AI ...
CSO Online

PraisonAI vulnerability gets scanned within 4 hours of disclosure

A newly disclosed authentication bypass flaw (CVE-2026-44338) in PraisonAI drew near-instant probing, exposing risks from ...
The Hacker NewsOpinion

ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories

Weekly ThreatsDay Bulletin: supply chain attacks, fake support lures, AI tampering, data leaks, ransomware, and exploited ...
Microsoft

Introducing RAMPART and Clarity: Open source tools to bring safety into Agent development workflow

The AI systems shipping inside enterprises today are fundamentally different from the ones we were building even two years ...
Microsoft

Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft

Hulud payload to steal CI/CD secrets from Linux-based automation environments. The malware executes during npm install and ...