The Hacker News

Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens

Self-propagating npm worm steals tokens via postinstall hooks, impacting six packages and expanding supply chain attacks.
The Hacker News

Toxic Combinations: When Cross-App Permissions Stack into Risk

Toxic combinations form when AI agents, integrations, or OAuth grants bridge SaaS apps into trust relationships no single ...
Techzine Europe

AI agents on GitHub leak API keys via prompt injection

Three popular AI agents on GitHub Actions are vulnerable to so-called "Comment and Control" attacks. These are Claude Code ...

APi Group Announces the Acquisition of Wtech Fire Group

APi Group Corporation (NYSE: APG) ("APi" or the "Company") today announced that it has entered into a definitive agreement to ...

Rentec Direct Launches Open API to Power Automated, AI-Driven Property Management

Rentec Direct, an industry-leading property management software platform serving more than 18,000 landlords and property managers, has launched an Open API, now available to clients at no additional ...
CSOonline

Microsoft issues out-of-band patch for critical security flaw in update to ASP.NET Core

Patching is not enough: applications embedding the insecure library will need to be rebuilt, and affected tokens and cookies ...
TMCnet

Bybit AI Expands to Infrastructure Layer with Official MCP Release for Multi-Agent Trading

As artificial intelligence becomes central to modern trading workflows, traditional exchange infrastructure optimized for ...
CSO Online

Hackers exploit Vercel’s trust in AI integration

Compromised Context.ai integration let attackers inherit Vercel employee access and reach internal systems, exposing a ...
SecurityWeek

Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments

Anthropic’s Claude Code Security Review, Google’s Gemini CLI Action, and GitHub Copilot Agent hacked via prompt injection ...
InfoWorld

The cookbook for safe, powerful agents

Capability without control is a liability. If your AI agents have broad credentials and unmonitored network access, you haven ...

Chainguard and Cursor Partner to Secure Agentic Coding with Trusted Open Source

Chainguard, the trusted source for open source, today announced a partnership with Cursor, the leading multi-model AI coding platform, to secure the next generation of agentic software development.

ChatGPT latest update: Finally gets text and object placement right in images

OpenAI launches ChatGPT Images 2.0 with improved accuracy, text rendering, flexible formats, and multi image outputs for real ...