Four vulnerabilities in CrewAI could be chained together via prompt injection for sandbox escape, remote code execution, and ...

DPRK-linked actors use GitHub C2 and LNK phishing in South Korea, enabling persistent PowerShell control and data ...

Mark Collier briefed me on two updates under embargo at KubeCon Europe 2026 last month: Helion, which opens up GPU kernel ...

Axios 1.14.1 and 0.30.4 injected malicious [email protected] after npm compromise on March 31, 2026, deploying ...

AI chatbots make it possible for people who can’t code to build apps, sites and tools. But it’s decidedly problematic.

With DeerFlow, ByteDance introduces a super-agent framework that allows for secure and parallel execution of agents through ...

The TeamPCP hacking group has hacked the Telnyx PyPI package as part of a supply chain campaign targeting the broad OSS ecosystem.

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...

OpenClaw, an open-source AI agent with a red lobster logo, has sparked a nationwide craze in China in early 2026.Unlike ...

A North Korea-nexus threat actor compromised the widely used axios npm package, delivering a cross-platform remote access ...

Overview Recently, NSFOCUS Technology CERT detected that the GitHub community disclosed that there was a credential stealing program in the new version of LiteLLM. Analysis confirmed that it had ...

Two versions of LiteLLM, an open source interface for accessing multiple large language models, have been removed from the Python Package Index (PyPI) following a supply chain attack that injected ...