Remember when browsers were simple? You clicked a link, a page loaded, maybe you filled out a form. Those days feel ancient now that AI browsers like Perplexity's Comet promise to do everything f [...]
A developer gets a LinkedIn message from a recruiter. The role looks legitimate. The coding assessment requires installing a package. That package exfiltrates all cloud credentials from the developer [...]
Security teams are buying AI defenses that don't work. Researchers from OpenAI, Anthropic, and Google DeepMind published findings in October 2025 that should stop every CISO mid-procurement. Thei [...]
Run a prompt injection attack against Claude Opus 4.6 in a constrained coding environment, and it fails every time, 0% success rate across 200 attempts, no safeguards needed. Move that same attack to [...]
Any development environment that installed or imported one of the 172 compromised npm or PyPI packages published since May 11 should be treated as potentially compromised. On affected developer workst [...]
Your web gateway can't see it. Your cloud access broker can't see it. Your endpoint protection can't see it. And yet 95% of organizations experienced browser-based attacks last year, ac [...]
GitHub confirmed on May 20 that a poisoned VS Code extension installed on an employee’s device gave attackers access to roughly 3,800 internal repositories at the Microsoft-owned code storage and au [...]