CSO Online

Google’s Vertex AI SDK could allow RCE through bucket squatting

Google reportedly patched a flaw in the Vertex AI SDK for Python that could allow attackers to hijack model uploads and ...
Security Boulevard

When AI Agents Become Bots: A Field Report from the Authentication Layer

Security vendors and their customers have spent considerable time debating where to draw the line between “legitimate” AI agents and “malicious” bots. A 31-day campaign against a major consumer ...
Security Boulevard

Top 8 AI App Security Software in 2026

AI paid compared to those with little or none, per the IBM Cost of a Data Breach Report 2025. The same IBM 2025 research found that 13% of organizations had already suffered a breach of an AI model or ...
SecurityWeek

Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks

Over 100 NPM and PyPI packages were injected with malicious code in the Miasma and Hades Shai-Hulud supply chain attack ...

New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...
The Hacker News

North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels

Proofpoint says UNK_DeadDrop sent 250+ phishing emails to nearly 100 firms, using GitHub and VS Code lures to steal ...
IEEE

Bridging Observability and Security: A Graph-Based Arbitration and Adaptive Sensing Approach via eBPF

Abstract: With the evolution of cloud-native microservice architectures traditional sidecar-based monitoring patterns and fragmented security tools have introduced significant resource overhead and ...

The attack dominating financial services doesn't steal passwords. It resets MFA and steals the token.

Credential theft fell to 13% of breach vectors in 2026. Attackers now bypass MFA via help desk resets and OAuth token theft.
Searchenginejournal.com

Security Researcher: WordPress 7.0 Could Trigger Rush To Steal AI API Keys

Oliver Sild, founder of Patchstack WordPress security company, shared concerns about the security of AI API keys in WordPress 7.0, sharing that there “will be an absolute rush by hackers to steal API ...
Dark Reading

China's Webworm Uses Discord, Microsoft Graphs to Hack EU Governments

A China-backed persistent threat actor known as Webworm is targeting governmental organizations across Europe, and it's using unusual command-and-control mechanisms to do so. Security vendor ESET this ...
GitHub

Coinbase Advanced API Python SDK

Welcome to the official Coinbase Advanced API Python SDK. This python project was created to allow coders to easily plug into the Coinbase Advanced API. This SDK also supports easy connection to the ...
VentureBeat

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed on May 20 that a poisoned VS Code extension installed on an employee’s device gave attackers access to roughly 3,800 internal repositories at the Microsoft-owned code storage and ...