Security researchers have identified a vulnerability in Google’s Vertex AI agent framework that could allow attackers to ...

This report makes clear that technical prompt injections aren’t a theoretical problem, they’re a real and immediate ...

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible ...

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) warns that a Craft CMS remote code execution flaw is being exploited in attacks. The flaw is tracked as CVE-2025-23209 and is a high ...

GARTNER SECURITY & RISK MANAGEMENT SUMMIT — Washington, DC — Having awareness and provenance of where the code you use comes from can be a boon to prevent supply chain attacks, according to GitHub's ...

The ConnectWise ScreenConnect vulnerability, which earlier this year was identified as a potential way for threat actors to perform ViewState code injection attacks, is now being exploited, according ...

Attackers are now actively exploiting a critical vulnerability in Fortinet's FortiClient EMS platform, according to threat intelligence company Defused.

Microsoft Threat Intelligence has identified 3,000 ASP.NET keys disclosed in code documentation and repos that could be used in code injection attacks. Microsoft Threat Intelligence in December ...

Indirect prompt injection represents a more insidious threat: malicious instructions embedded in content the LLM retrieves ...

“AI” tools are all the rage at the moment, even among users who aren’t all that savvy when it comes to conventional software or security—and that’s opening up all sorts of new opportunities for ...