AI agent exploited Salesforce sites; 263 objects, 55 Apex methods exposed at one portal, leading to PII and file leaks.

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...

A prankster used simple prompts to trick a GM dealership's ChatGPT chatbot into selling a 2024 Chevy Tahoe for $1.

CISA added CVE-2026-42271, a high-severity LiteLLM command injection flaw, to its KEV catalog after evidence of active ...

CrowdStrike, alongside Google and the Shadowserver Foundation, has disrupted the Glassworm botnet used to spread malware ...

The Glassworm botnet, a global operation targeting software developers through the open-source supply chain, was disrupted ...

Then imagine it replying: "Sorry, the website won't let me in." That's the quiet failure mode behind most AI agents today. They can think, but they can't really act on the live web — websites block ...

A new threat actor is combining social engineering techniques, abuse of legitimate cloud infrastructure, and custom malware together to create what appears to be novel attack chain. Google Threat ...

A critical pre-authentication remote code execution vulnerability in Marimo, an open-source Python notebook platform owned by AI cloud company CoreWeave, was exploited in the wild less than 10 hours ...

If there’s one universal experience with AI-powered code development tools, it’s how they feel like magic until they don’t. One moment, you’re watching an AI agent slurp up your codebase and deliver a ...

Andrej Karpathy created microGPT, a minimal GPT using only 243 lines of Python code. The project simplifies LLM architecture to basic mathematical operations without external libraries. Karpathy's ...

A press group says a prosecutor broke ethics rules by not flagging a law that limits searches for reporting materials. By Charlie Savage Charlie Savage writes about national security and legal policy.