The North Korean state-sponsored hacking group known as ScarCruft (aka APT37) has been observed using spear-phishing messages impersonating Microsoft Account security notifications to deliver a new ...

Credential theft fell to 13% of breach vectors in 2026. Attackers now bypass MFA via help desk resets and OAuth token theft. Five attack surfaces mapped.

Millions of AI agents and tools around the world have been imperiled by a critical vulnerability that can allow hackers to breach the servers running them and make off with sensitive data and ...

A critical pre-authentication remote code execution vulnerability in Marimo, an open-source Python notebook platform owned by AI cloud company CoreWeave, was exploited in the wild less than 10 hours ...

The CVSS‑9.3 vulnerability allows unauthenticated remote code execution on exposed Marimo servers and was exploited in the wild shortly after disclosure, Sysdig says. A critical pre-authentication ...

Stop letting AI pick your passwords. They follow predictable patterns instead of being truly random, making them easy for hackers to guess despite looking complex. Two independent research programs, ...

If there’s one universal experience with AI-powered code development tools, it’s how they feel like magic until they don’t. One moment, you’re watching an AI agent slurp up your codebase and deliver a ...

What does this mean? I do not have time to fix issues myself. The only way fixes or new features will be added is by people submitting PRs. Current status: Voluptuous is largely feature stable. There ...

Evaluate the effectiveness of Microsoft’s Python Risk Identification Toolkit (PyRIT) for agentic AI red teaming. Address evolving autonomous AI system threats.

schema is a library for validating Python data structures, such as those obtained from config-files, forms, external services or command-line parsing, converted from JSON/YAML (or something else) to ...

Cybersecurity researchers have uncovered malicious packages uploaded to the Python Package Index (PyPI) repository that act as checker tools to validate stolen email addresses against TikTok and ...