GitHub fixes RCE flaw that gave access to millions of private repos

In early March, GitHub patched a critical remote code execution vulnerability (CVE-2026-3854) that could have allowed ...

ClickUp Data Leak Exposes Enterprise Emails for Over a Year

A hardcoded ClickUp API key exposed hundreds of corporate and government emails for over a year, raising new SaaS security ...
CSO Online

Stopping AiTM attacks: The defenses that actually work after authentication succeeds

AiTM attacks don't steal passwords; they copy the result of a real login. You need to watch what happens after the user logs ...

Open source package with 1 million monthly downloads stole user credentials

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a ...

Most enterprises can't stop stage-three AI agent threats, VentureBeat survey finds

How mature is your AI agent security? VentureBeat's survey of 108 enterprises maps the gap between monitoring and isolation — ...

TrustModel.ai Exposes Hidden Risks in Top Chrome Extensions and AI Agents—63% Flagged in First Independent Trust Audit

First large scale automated trust assessment finds widespread risk across browser extensions, including AI agents. Only ...
Security Boulevard

DAST Tools: Complete Buyer’s Guide & 10 Solutions to know in 2026

Compare the best DAST tools in 2026. Our buyer's guide covers 10 dynamic application security testing solutions, key features ...
Microsoft

Dissecting Sapphire Sleet’s macOS intrusion from lure to compromise

The Microsoft Defender Security Research Team uncovered a sophisticated macOS intrusion campaign attributed to the North ...
SecurityWeek

Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments

Anthropic’s Claude Code Security Review, Google’s Gemini CLI Action, and GitHub Copilot Agent hacked via prompt injection ...

Microsoft patched a Copilot Studio prompt injection. The data exfiltrated anyway.

Microsoft assigned CVE-2026-21520 to a Copilot Studio prompt injection vulnerability and patched it in January — but in ...
Wall Street Journal

Locals Are Using AI to Fight Data Centers Being Built in Their Backyards

CINCINNATI—Late at night, or when her 18-month-old daughter is napping, Jessica Sharp logs onto Chat GPT and asks it to help her in her fight to stop a data center from being built just steps away ...