Four vulnerabilities in CrewAI could be chained together via prompt injection for sandbox escape, remote code execution, and ...

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...

Langflow CVE-2026-33017 exploited in 20 hours after disclosure, enabling RCE via exec(), exposing systems before patching ...

The compromised packages, linked to the Trivy breach, executed a three‑stage payload targeting AWS, GCP, Azure, Kubernetes ...

The Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are actively exploiting a critical ...

Attackers weaponized critical RCE within hours, prompting CISA to add the flaw to its KEV catalog and set an urgent patch ...

A cyber attack hit LiteLLM, an open-source library used in many AI systems, carrying malicious code that stole credentials ...

Build your first fully functional, Java-based AI agent using familiar Spring conventions and built-in tools from Spring AI.

Threat actors abused trusted Trivy distribution channels to inject credential‑stealing malware into CI/CD pipelines worldwide ...

A growing body of academic research warns that AI-assisted “vibe coding,” where language models assemble software from ...

North Korean hackers used an updated version of a known backdoor to target a popular npm package.

Threats actors pounced on the vulnerability within hours of its disclosure, demonstrating that organizations have little time ...