Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...
Computer Weekly

Secure Code Warrior CEO on surviving the AI ‘vulnerability apocalypse’

As enterprises embrace agentic AI and vibe coding, Secure Code Warrior CEO and co-founder Pieter Danhieux warns that ...
SecurityWeek

Amazon Q Flaw Enabled Cloud Credential Theft via Malicious Repositories

Amazon Q vulnerability could allow attackers to steal developer cloud credentials by luring them into opening a booby-trapped ...
InfoQ

Grab Builds Secure Agentic AI Workload Platform

Grab's security team built Palana, a Kubernetes-native secure execution platform, to run autonomous AI agents safely. Unlike ...
JD Supra

'Honeypot' Suit Spotlights Nuances of Trade Secret Law

On March 17, 2026, MyCard, Inc. (d/b/a Knot) filed a bombshell complaint in the District of Delaware, alleging that it had caught Atomic FI, ...
Security Boulevard

Hackers Exploit Gravity SMTP WordPress Plugin Vulnerability

What happened Threat actors are actively exploiting an unauthenticated information disclosure vulnerability in the Gravity SMTP WordPress plugin, which is installed on more than 100,000 WordPress ...
Tech Times

WordPress Email Plugin Flaw Triggers 17 Million Attacks: Gravity SMTP Leaks Live API Keys

Gravity SMTP WordPress vulnerability CVE-2026-4020 has drawn 17 million automated exploit attempts since May 2026, draining ...
Microsoft

Build Power Pages Sites with AI through Agentic Coding tools, now Generally Available

We are excited to announce the General Availability (GA) of the Power Pages plugin for GitHub Copilot CLI and Claude Code. Just few months back when we introduced the preview, you could describe a ...
techtimes

CloakHQ’s Open-Source Chromium Fork Defeats Cloudflare, DataDome, and PerimeterX Without Configuration

A Chromium fork called CloakBrowser, released by New York-based CloakHQ in early 2026, has surpassed 9,200 GitHub stars this week after its latest update added a Windows x64 build and closed what ...
Microsoft

When configuration becomes a vulnerability: Exploitable misconfigurations in AI apps

AI and agentic application deployments on cloud-native platforms are increasing, and they often prioritize speed over secure configuration. Our observations from aggregated and anonymized Microsoft ...
VentureBeat

Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps

Any development environment that installed or imported one of the 172 compromised npm or PyPI packages published since May 11 should be treated as potentially compromised. On affected developer ...
CSOonline

Seven IBM WebSphere Liberty flaws can be chained into full takeover

A pre‑authentication bug in SAML Web SSO, combined with weak access controls and cryptography, allows attackers to escalate privileges and achieve remote code execution. Security researchers are ...