Managed Authorisation extension to stable status, adding a centralised way for organisations to control access to MCP servers ...
Unsure how modern login works? Read our simple guide to OpenID Connect, explaining how this essential identity layer ...
They're not bad; they're just prompted that way. Sysdig threat hunters documented what they say is the first-ever documented ...
ConsentFix and ClickFix attacks steal Microsoft 365 tokens in seconds using fake prompts and OAuth flows. Learn how these MFA ...
Security teams are facing a fresh warning over enterprise use of AI coding agents after researchers identified a man-in-the-middle attack path that can redirect Claude Code traffic, capture OAuth ...
Semi-automate multi-protocol API calls, construct jq queries at the speed of light, or transform strings to and from any format.
Cybersecurity researchers at Aikido Security have uncovered a malicious supply chain attack targeting OpenAI Codex developers via the npm package “codexui-android”. While the associated GitHub ...
Cybersecurity researchers have disclosed details of a new malicious supply chain campaign that's targeting developers using OpenAI Codex through a legitimate-looking remote web UI. The tool, named ...
A popular Codex tool used by thousands of developers has been secretly stealing users’ login tokens for the past month, all by triggering the installation of a malicious npm package. It’s still ...
GitHub shipped the developer security industry's most-requested registry control on May 22, 2026: staged publishing, now generally available for all npm packages. The feature inserts a mandatory ...
Four supply-chain incidents hit OpenAI, Anthropic and Meta in 50 days: three adversary-driven attacks and one self-inflicted packaging failure. None targeted the model, and all four exposed the same ...