In March 2026, someone hijacked a maintainer account for Axios, a JavaScript HTTP library downloaded more than 45 million ...

Google's GTIG identified the first zero-day exploit developed with AI and stopped a mass exploitation event. The report documents state actors using AI for vulnerability research and autonomous ...

Criminal hackers have used artificial intelligence to develop a working zero-day exploit, the first confirmed case of its ...

Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code ...

Cline is one of the most widely adopted open-source AI coding assistants, and its Kanban feature provides a web-based project ...

OpenAI launched Daybreak with GPT-5.5-Cyber tools as AI accelerates vulnerability discovery and exploit timelines.

CVE-2026-44009 (CVSS score: 9.8) - A vulnerability that allows sandbox escape via a null proto exception and permits an ...

CLI-Anything generates SKILL.md files that AI agents trust and execute. Snyk found 13.4% of agent skills contain critical ...

Hyunwoo Kim, also known as "V4bel," recently disclosed "Dirty Frag," a dangerous security vulnerability that provides local ...

The attack on the Trellix source code repository disclosed last week has been claimed by the RansomHouse threat group, which ...

A new wave of the Mini Shai-Hulud campaign compromised dozens of TanStack npm packages as part of a broader supply chain ...

What happened?: Attackers took over a maintainer account for Axios and published malicious versions to npm, potentially impacting millions of downloads. Why it matters: CSA Singapore warns supply ...