Tag: AI Security
51 items tagged #ai-security
Articles
AI-generated packages surge exponentially on npm, reshaping open source production and consumption.
Researchers used Anthropic's Mythos AI to discover and exploit macOS kernel memory corruption flaw on Apple M5.
Socket raises $60M Series C at $1B valuation to defend software supply chains against AI-era attacks.
Verizon DBIR 2026: AI exploited software vulnerabilities in 31% of breaches, compressing exploit timelines from months
Verizon's 2026 DBIR finds vulnerability exploitation now top breach entry point, surpassing stolen credentials.
Pwn2Own Berlin 2026 concludes with 47 zero-day exploits demonstrated and $1.3M in payouts.
Pwn2Own Berlin 2026 awards $1.3M for 47 zero-day exploits across enterprise and AI products.
Pwn2Own Berlin 2026 awards $1.3M for 47 zero-day exploits across Windows, Linux, VMware, Nvidia, and AI products.
Four critical vulnerabilities in OpenClaw AI servers enable data theft, backdoors, and admin-level compromise.
Pwn2Own Berlin 2026 day one: researchers exploit 24 zero-days in Windows 11, Edge, Linux, and AI tools for $523K.
7 malicious Chrome extensions impersonating crypto wallets detected with Unicode spoofing and remote kill-switch.
Microsoft warns of exploitable misconfigurations in cloud-native AI apps on Kubernetes enabling RCE and data leaks.
PraisonAI CVE-2026-44338 auth bypass exploited within hours of disclosure
Hackers probed PraisonAI authentication bypass CVE-2026-44338 within 3.75 hours of disclosure.
Critical Exim mail server flaw CVE-2026-45185 allows unauthenticated remote code execution via TLS handling.
Report reveals realistic AI-era attack chains exploit misconfiguration and hardcoded credentials, not novel techniques.
Microsoft MDASH and Palo Alto's Claude Mythos AI find dozens of vulnerabilities in their own code.
Mistral AI allegedly breached; ~5GB source code and 450 private repos exposed by TeamPCP.
Microsoft's MDASH AI system discovered 16 Windows flaws, including 2 critical RCE vulnerabilities, fixed in May 2026
Anthropic's Mythos AI model discovered 181 Firefox exploits in 14 days; CVE-to-exploit window now ~10 hours.
Google launches Intrusion Logging in Android 16 for forensic analysis of sophisticated spyware attacks.
Microsoft explores AI-assisted synthetic attack log generation to accelerate detection engineering.
Microsoft announces MDASH AI system that discovered 16 new Windows vulnerabilities including 4 critical RCE flaws.
May 2026 Patch Tuesday: Microsoft, Apple, Google, Mozilla, Oracle release record patch volumes driven by AI
Microsoft patches 137 vulnerabilities in May Patch Tuesday, including 13 critical flaws.
Rejected Pwn2Own Berlin 2026 researchers publicly disclose zero-days for Firefox, NVIDIA, and AI platforms.
Hugging Face tokenizer files can be manipulated to hijack AI model outputs and exfiltrate data.
OpenAI launches Daybreak, an AI-powered platform for vulnerability detection and patch validation.
AIRDC, an AI-powered hidden remote desktop control tool, advertised for sale by threat actors targeting Windows.
Google discovers hackers using AI to develop zero-day exploits, Android backdoors, and supply chain attacks.
Google TIG documents first confirmed AI-engineered zero-day exploit by threat actors
Google discloses first known zero-day 2FA bypass likely developed using AI by unknown threat actors.
Google identifies first AI-generated zero-day exploit designed to bypass 2FA on web administration tool.
Google reports hackers used AI to develop zero-day exploit for web admin tool.
Google detects AI-developed zero-day exploit before cybercrime group mass-exploitation campaign.
Hackers abuse Vercel GenAI to mass-produce convincing phishing sites mimicking Microsoft, Adidas, Nike.
Attackers abuse Google Ads and Claude.ai shared chats to distribute macOS malware via social engineering.
Critical out-of-bounds read in Ollama allows remote memory leak affecting 300K+ servers.
ClaudeBleed vulnerability in Claude Chrome extension allows data exfiltration via guardrail bypass.
Chrome extension flaw in Anthropic's Claude allows malicious plugins to hijack AI agent without permissions.
Braintrust AI platform suffers AWS account breach exposing customer API keys.
Analysis of 25M security alerts reveals 1% of confirmed incidents came from low-severity alerts, with one missed threat
ClaudeBleed vulnerability in Claude Chrome extension allows attackers to hijack AI agent via prompt injection.
Hackers use fake Claude AI site to distribute new Beagle backdoor malware via malvertising.
Microsoft discloses RCE vulnerabilities in Semantic Kernel AI agent framework via prompt injection.
Mitiga researchers disclose OAuth token theft vulnerability in Claude Code via MCP hijacking.
Threat actors use LLMs to develop malicious browser extensions disguised as AI tools.
AI coding agents (Claude Code, Gemini CLI, Copilot CLI) vulnerable to malicious repo injection enabling supply chain
Thousands of AI-coded web apps expose sensitive corporate and personal data via misconfigured deployments.
Gemini CLI vulnerability allowed prompt injection to enable supply chain attacks via GitHub issues.