Researchers found Cordyceps CI/CD flaws affecting 300+ repositories, enabling code execution, credential theft, and supply ...

Palo Alto found critical flaws in AI/ML libraries NeMo, Uni2TS, and FlexTok Vulnerabilities allowed arbitrary code execution via malicious model metadata All patched by mid-2025; no exploitation ...

Security firm Novee has revealed Cordyceps as a class of exploitable CI/CD vulnerabilities across open-source repositories ...

Cybersecurity researchers have discovered a set of malicious npm packages that are designed to deliver a Windows-based remote access trojan (RAT). The list of identified packages, is below - ...

A buffer overflow happens when a program writes more data into a memory buffer than the buffer can hold. The extra bytes land in adjacent memory, corrupting whatever was there. If an attacker controls ...

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...

Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.

An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...

A malicious Microsoft Edge extension dubbed ‘Edgecution' has been used in a ransomware attack to escape the browser sandbox and deploy a Python-based backdoor. Access to the local system is obtained ...

Cordyceps, a systemic class of exploitable CI/CD vulnerabilities, allows unauthenticated attackers to hijack developer ...

Sign up with your email below to instantly access member features, newsletters and exclusive Insider perks ...