Self-propagating npm worm steals tokens via postinstall hooks, impacting six packages and expanding supply chain attacks.

CVE-2026-5760 (CVSS 9.8) exposes SGLang via /v1/rerank endpoint, enabling RCE through malicious GGUF models, risking server ...

A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts.

An unpatched vulnerability in Anthropic's Model Context Protocol creates a channel for attackers, forcing banks to manage the ...

A design flaw – or expected behavior based on a bad design choice, depending on who is telling the story – baked into ...

Perplexity launches its “Personal Computer” AI assistant for Mac, enabling users to automate tasks across apps, files, and ...

Android Package (APK) malformation has emerged as a standard Android malware evasion tactic, with the technique identified in ...

Cloudflare expands Agent Cloud with OpenAI GPT-5.4 integration and isolate-based Dynamic Workers, challenging containers as ...

OpenAI Agents SDK update adds sandbox execution and a new harness to help developers build reliable, production-ready AI ...

Economist Scott Cunningham showed the Fed how AI agents can replicate studies for $11—and why the same tools could erode the ...

Kimi K2.6 builds on Kimi K2.5 with stronger coding, better tool use, lower hallucination rates, native multimodal input, and ...

Unsafe defaults in MCP configurations open servers to possible remote code execution, according to security researchers who ...