The ChromaToast vulnerability can be exploited by forcing the ChromaDB API server to fetch and load maliciously crafted AI models before authentication is checked.

GlassWorm poisoned 300 GitHub repositories since 2025, enabling supply chain attacks against developers and organizations.

GGUF parser vulnerabilities disclosed May 15, 2026 include a critical integer overflow that lets any malicious model file ...

Four research teams found the same confused deputy failure in Claude across three surfaces in 48 hours. This audit matrix maps every blind spot and fix.

Cybersecurity researchers create a five-step exploit chain using over-permissioned roles, secrets discovery, and NHIs to attack a popular low-code service.

Open source robotics AI platform LeRobot surpassed 58,000 community datasets in 2026 — 50x growth in under a year — making it the largest dataset category on Hugging Face and signaling a ...

A new campaign orchestrated by a previously undocumented threat actor has targeted cryptocurrency organizations with an aim ...

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used JavaScript implementation of Google's Protocol Buffers. The tool is highly ...

Google has fixed a critical flaw in its agentic integrated developer environment (IDE) Antigravity that led to sandbox escape and remote code execution (RCE) after researchers created a proof of ...

An autonomous AI agent built on Claude Opus reportedly chained together zero-day vulnerabilities in GitHub Actions workflows, ...

Researchers who found the bug warn that its Moderate rating understates a threat reaching across LLM gateways, MCP servers ...

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...