A prompt injection vulnerability paired with other flaws can turn a Google search into a full attack chain that could threaten enterprise networks.

GlassWorm attack uses stolen GitHub tokens to inject malware into Python repositories, exposing developers to supply chain risks.

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...

How can an extension change hands with no oversight?

Attackers are using fake Claude Code install pages and malicious search ads to spread infostealer malware targeting Windows and macOS systems.

What’s the first thing you think of when you hear about ai security threats and vulnerabilities? If you’re like most people, your mind probably jumps to Large Language Model (LLM) ...

Malicious Chrome extensions tied to ownership transfers push malware and steal data, exposing thousands to credential theft and system compromise.

Source Code Exfiltration in Google Antigravity‍TL;DR: We explored a known issue in Google Antigravity where attackers can ...

In an attempt to understand our own fascination with the shiny minerals, researchers gave some to chimps. A chimp named Toti attentively observes a quartz crystal at a rehabilitation facility in Spain ...

If you wanted to steal local files from someone using Perplexity's Comet browser, until last month you could just schedule ...

The first of the three flaws involved abusing Claude's Hooks feature to achieve remote code execution. Hooks are user-defined shell commands that execute at various points in the tool's lifecycle, ...