Researchers who found the bug warn that its Moderate rating understates a threat reaching across LLM gateways, MCP servers ...

A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to ...

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...

A threat actor targeting Microsoft 365 and Azure production environments is stealing data in attacks that abuse legitimate ...

The Florida Fish & Wildlife Conservation Commission (FWC) has released the dates for the 2026 Florida Python Challenge. The 10-way hunt for invasive Burmese pythons will run from July 10-19. The grand ...

GlassWorm poisoned 300 GitHub repositories since 2025, enabling supply chain attacks against developers and organizations.

The ChromaToast vulnerability can be exploited by forcing the ChromaDB API server to fetch and load maliciously crafted AI ...

Microsoft uncovered 150+ AI-assisted cryptojacking domains using fake software downloads to deploy persistent malware.

Attackers are increasingly abusing Microsoft’s legacy MSHTA utility to silently deliver malware, stealers, and persistent ...

GGUF parser vulnerabilities disclosed May 15, 2026 include a critical integer overflow that lets any malicious model file trigger arbitrary memory reads — affecting Ollama, LM Studio, and every local ...

Exploitation of open-source tools allows attackers to maintain persistent access after initial social engineering, warn ReliaQuest researchers ...

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious versions anyway. The CI/CD Trust-Chain Audit Grid maps the six gaps it ...