A North Korean attack group is running a scam operation called the Graphalgo, wherein they use fake job schemes to deliver malware.

“Once contribution and reputation building can be automated, the attack surface moves from the code to the governance process around it. Projects that rely on informal trust and maintainer intuition ...

Learn how Zero-Knowledge Proofs (ZKP) provide verifiable tool execution for Model Context Protocol (MCP) in a post-quantum world. Secure your AI infrastructure today.

Palo Alto found critical flaws in AI/ML libraries NeMo, Uni2TS, and FlexTok Vulnerabilities allowed arbitrary code execution via malicious model metadata All patched by mid-2025; no exploitation ...

SquareX has disclosed a previously undocumented API within the Comet AI browser that allows its embedded extensions to execute arbitrary commands and launch applications — capabilities mainstream ...

The Python Software Foundation has rejected a $1.5 million government grant because of anti-DEI requirements imposed by the Trump administration, the nonprofit said in a blog post yesterday. The grant ...

The Python Software Foundation warned users this week that threat actors are trying to steal their credentials in phishing attacks using a fake Python Package Index (PyPI) website. PyPI is a ...

Philippe Caturegli, “chief hacking officer” at the security consultancy Seralys, was the first to publicize the leak of credentials for an x.ai application programming interface (API) exposed in the ...

Cybersecurity company Snyk Ltd. today announced the launch of Snyk API & Web, a new dynamic application security testing or DAST solution designed to meet the growing demands of modern and ...