New research exposes how prompt injection in AI agent frameworks can lead to remote code execution. Learn how these ...

Hugging Face hosts 352,000 unsafe model issues. ClawHub's registry contains 341 malicious AI agent skills. The AI supply chain is now the most attractive target in software security.

CVE-2026-22679 exploited via debug endpoint in Weaver E-cology before 20260312, enabling RCE and system compromise.

Four research teams found the same confused deputy failure in Claude across three surfaces in 48 hours. This audit matrix ...

Critical out-of-bounds read in Ollama before 0.17.1 leaks process memory including API keys from over 300000 servers via ...

The website for the popular JDownloader download manager was compromised earlier this week to distribute malicious Windows ...

OX Security confirmed arbitrary command execution on six live platforms and estimates 200,000 MCP servers are exposed. Here's ...

As Europe pushes for sovereign AI infrastructure, Giskard is securing enterprise AI agents against manipulation, unsafe ...

Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code ...

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used JavaScript implementation of Google's Protocol Buffers. The tool is highly ...

Google has fixed a critical flaw in its agentic integrated developer environment (IDE) Antigravity that led to sandbox escape and remote code execution (RCE) after researchers created a proof of ...

DeepClaude swaps Claude Code's expensive Anthropic backend for DeepSeek V4 Pro, keeping the agent loop, slashing the bill.