New research exposes how prompt injection in AI agent frameworks can lead to remote code execution. Learn how these ...

A North Korean APT has crafted malicious software packages to appeal to AI coding agents, while ‘slopsquatting’ shows the ...

Overview: FastAPI stands out for speed, async support, and built-in validation, making it ideal for modern high-traffic ...

OX Security confirmed arbitrary command execution on six live platforms and estimates 200,000 MCP servers are exposed. Here's ...

The popular Python package for monitoring data quality was briefly available as a malicious version. Provider Elementary ...

Home » Security Bloggers Network » Shai-Hulud Strikes SAP: Supply Chain Worm Weaponized Claude Code to Compromise the CAP Framework The post Shai-Hulud Strikes SAP: Supply Chain Worm Weaponized Claude ...

A critical pre-authentication SQL injection vulnerability in BerriAI’s LiteLLM Python package came under active exploitation ...

CVE-2026-42208 exploited within 36 hours of disclosure, exposing LiteLLM credentials, risking cloud account compromise.

A widely used open-source PyPI package, elementary-data, was compromised in a targeted attack that inserted infostealer malware via a GitHub Actions vulnerability. The malicious update, version 0.23.3 ...

This was not a case of stolen credentials, but rather of vulnerability exploitation.

There appears to be a recent epidemic of users hijacking companies’ AI-powered customer service bots to turn them into ...

Buzur is an open-source 19-phase scanner that protects AI agents and LLM applications from indirect prompt injection attacks (OWASP LLM Top 10 #1). It inspects web content, URLs, images ...