TrapDoor: The Supply Chain Attack That Hijacks Your AI
TrapDoor planted 34 malicious packages across npm, PyPI, and Crates.io — then used zero-width Unicode to make your AI coding assistant steal your ...
GitHub Bans Researcher Over Windows Zero-Days and Unpaid Bug Bounty
GitHub banned security researcher Nightmare-Eclipse after they released 6 unpatched Windows zero-days. Three are actively ...
Project Lightwell: IBM and Red Hat Bet $5B on Open Source Security
IBM and Red Hat launched Project Lightwell today — a $5B initiative using AI and ...
Claude Code Security Plugin: Catch Bugs Before Production
Anthropic's free security-guidance plugin for Claude Code catches vulnerabilities in real time across three layers. ...
OpenHack: Run AI Penetration Tests Inside Claude Code or Codex
Hadrian open-sourced OpenHack on May 21 — an MIT-licensed AI vulnerability research toolkit that runs ...
Google Engineer’s $1.2M Polymarket Bet Was Insider Trading
A Google engineer used company search data to pocket $1.2M on Polymarket. Federal charges followed. Here is what CFTC Rule 180.1 means for ...
Gitea CVE-2026-27771: Private Container Images Were Never Private
Gitea CVE-2026-27771 exposed private container images to unauthenticated access for 4 years. 30,000+ deployments affected. ...
CVE-2026-48710 BadHost: Starlette Flaw Hits AI Agents
A host-header injection flaw in Starlette — the ASGI core behind FastAPI and most of ...
Microsoft RAMPART and Clarity: AI Agent Safety Now Lives in Your CI Pipeline
Microsoft open-sourced RAMPART and Clarity on May 20 — a pytest-native agent safety testing framework ...
NanoCo Raises $12M: Per-Employee Sandboxed AI Agents Explained
NanoCo raised $12M to give every employee their own sandboxed AI agent. Here's the NanoClaw ...