A critical prompt injection vulnerability in GitHub Agentic Workflows could allow unauthenticated attackers to leak private repository data, ...
A new data-extortion group called Helix is using identity-focused tactics such as voice phishing (vishing), device code ...
From a rushed ShareFile shutdown to poisoned npm packages and AI assistants tricked into installing malware, here's every ...
An open WP-SHELLSTORM server exposed tools, logs, and target lists naming 1.4 million sites, with researchers validating ...
A prompt injection attack can trick GitHub’s preview Agentic Workflows into retrieving content from private repositories and ...
A PNG hiding a prompt injection could steal your repo's secrets, researchers demonstrate. The technique, dubbed 'Ghostcommit, ...
Multiple threat actors are abusing the GitHub API to discover organizations’ repositories and members via ghost accounts.
An exposed WP-SHELLSTORM server revealed tools, logs, cloud credentials, and thousands of webshells used in a large website ...