Cloudflare ended years of partner-only restrictions on Wednesday, opening self-managed OAuth 2.0 to every developer on its platform. The move eliminates the manual onboarding process that previously ...

A default low-privilege account on a LiteLLM proxy can climb to full admin and run code on the server by chaining three vulnerabilities, researchers at Obsidian Security disclosed LiteLLM is a widely ...

TL/DR: OpenCode is an open-source, model-agnostic coding agent that runs in your terminal. You bring your own keys and point it at whatever model you like. Here is what it is, how it stacks up against ...

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...

The leaked bytes are the useful part. Squid reuses freed memory buffers without zeroing them, so a 4KB buffer that recently ...

Okta introduced Cross App Access, or XAA, in June 2025 as a way to govern agent-to-app and app-to-app connections. Today’s ...

Organizations running Microsoft Exchange Server face an active threat after a zero-day vulnerability was confirmed to allow attackers to silently take over inboxes, rewrite email content, and steal ...

Squidbleed, discovered with the aid of Claude Mythos Preview, has been described as a Heartbleed-style vulnerability. Security researchers at Calif.io have disclosed a memory leak vulnerability in ...

Microsoft’s real competitor to Palantir Foundry is actually Microsoft Fabric + Fabric IQ, not Microsoft Foundry. Palantir has been doing Palantir things for over twenty years. Microsoft has been doing ...

This research is part of a joint initiative between the Cloud Security Alliance (CSA) and OWASP AI Exchange, building upon the previously published Agentic AI Red Teaming Guide. The objective of this ...