How recruitment fraud turned cloud IAM into a $2 billion attack surface

Adversaries weaponized recruitment fraud to steal cloud credentials, pivot through IAM misconfigurations, and reach AI infrastructure in eight minutes.

Why LLMs are plateauing – and what that means for software security

Despite rapid generation of functional code, LLMs are introducing critical, compounding security flaws, posing serious risks for developers.
Security Boulevard

Agentic AI Security Starter Kit: Where Autonomous Systems Fail and How to Defend Against It

Many teams are approaching agentic AI with a mixture of interest and unease. Senior leaders see clear potential for efficiency and scale. Builders see an opportunity to remove friction from repetitive ...
CSO Online

Shai-Hulud-style NPM worm hits CI pipelines and AI coding tools

Researchers warn malicious packages can harvest secrets, weaponize CI systems, and spread across projects while carrying a ...

North Korean job scammers target JavaScript and Python developers with fake interview tasks spreading malware

Operation Dream Job is evolving once again, and now comes through malicious dependencies on bare-bones projects.
eWeek

OpenAI Introduces New Safeguards in ChatGPT to Prevent AI Prompt Injection

OpenAI launches Lockdown Mode and Elevated Risk warnings to protect ChatGPT against prompt-injection attacks and reduce data-exfiltration risks.