Three LiteLLM flaws let low-privilege users gain admin access and run code, exposing AI keys, secrets, prompts, and responses ...

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel ...

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...

Users probe backup failures find Claude-assisted commits. Veteran engineer retorts: 'I did not just vibe-code 'convert test ...

If reinstalling software feels repetitive, these tools have some ideas.

A three-CVE chain lets any default LiteLLM user escalate to admin and get a shell on the gateway server. A separate RCE is ...

Microsoft released MAI-Code, a model designed to convert plain-English descriptions into functional application code, pushing ...

Google has announced the Google Colab CLI, a command-line tool that allows developers and AI agents to interact with remote ...

Anthropic's Mythos Preview was highly effective at finding vulnerability candidates, especially when analyzing source code.

A China-linked espionage group lived inside corporate cloud accounts for a year and a half by stealing trust instead of ...

With Microsoft's new Dev Configs, a Windows installation becomes a ready-to-use developer workstation with a single command – ...

TL;DR Introduction At the start of this year, I wrote a blog on how 2025 was the ‘year of the infostealer’, and it doesn’t ...