GlassWorm poisoned 300 GitHub repositories since 2025, enabling supply chain attacks against developers and organizations.

A security researcher published six vulnerabilities in llama.cpp's model-file parser to the oss-security mailing list on May 15, 2026 — and none of them carry an assigned CVE number, meaning standard ...

Google’s Project Zero demonstrates a new zero-click exploit for the Pixel 10 phones, showing a full escalation from remote to kernel without user interaction. During the investigation Project Zero ...

The ChromaToast vulnerability can be exploited by forcing the ChromaDB API server to fetch and load maliciously crafted AI ...

A research team at Mohamed bin Zayed University of Artificial Intelligence published a finding in April 2026 that has gained traction in engineering circles for reasons that go beyond its headline ...

A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to ...

Four research teams found the same confused deputy failure in Claude across three surfaces in 48 hours. This audit matrix maps every blind spot and fix.

OX Security confirmed arbitrary command execution on six live platforms and estimates 200,000 MCP servers are exposed. Here's how to audit your deployments.

OpenAI has updated its Agents SDK with native sandbox execution and a refined harness to improve AI agent safety, while Fortinet patched critical FortiSandbox flaws enabling remote code execution and ...

Abstract: Attacking software, a system, or a device requires the attackers to understand its workflow and functionality. Sometimes, it is necessary only to abuse an obsolete service to attack a device ...

Google's latest threat report warns that third-party tools are now prime targets for attackers - and businesses have only ...

The Hacker News is the top cybersecurity news platform, delivering real-time updates, threat intelligence, data breach ...