Miasma Attack Poisons 32 Red Hat npm Packages — And SLSA Didn’t Help
Miasma attack hit 32 Red Hat npm packages, 117K weekly downloads. SLSA provenance attestations passed every check while credentials were silently exfiltrated.
ChatGPT for Google Sheets Can Steal Your Entire Spreadsheet Library
PromptArmor found indirect prompt injection in ChatGPT for Google Sheets that silently exfiltrates up to ...
Apple’s Container CLI: Run Linux on macOS Without Docker Desktop
Apple's container CLI runs OCI Linux containers in per-VM isolation on macOS 26. Here's when ...
Cloudflare Turnstile Is Fingerprinting Your Users
Cloudflare Turnstile markets itself as privacy-preserving, but it fingerprints users via WebGL. Here's what developers ...
MCP Tool Poisoning: OWASP MCP Top 10 Developer Guide
OWASP published its MCP Top 10 security framework in 2026. Here's what tool poisoning is, ...
RAMPART and Clarity: Microsoft’s AI Agent Safety Testing Kit
Microsoft open-sourced RAMPART and Clarity — a pytest-native framework and design-review agent that bring shift-left safety testing to agentic AI development workflows.
Socket Raises $60M, Acquires Secure Annex: IDE Is Now the Perimeter
Socket closed $60M in Series C funding and acquired Secure Annex to extend supply chain ...
Chrome DBSC Is Live: What Developers Must Do Now
Chrome's Device Bound Session Credentials (DBSC) went GA for Google Workspace on May 25. Here ...
TanStack npm Attack: The Worm That Forged SLSA Provenance
The Mini Shai-Hulud worm hit 42 TanStack npm packages in a six-minute window and produced ...
Python 3.14 t-Strings: Safer Templating Over f-Strings
Python 3.14 t-strings return a Template object instead of a string, letting you build injection-safe ...