University of Toronto researchers demonstrate how open-weight local LLMs can be used to autonomously exploit flaws and misconfigurations typical found in most enterprise networks, feeding off abused ...
A practitioner's breakdown of the CSRF attack: how the forged request works, two documented exploits, a manual test, and the ...
North Korean hackers are targeting open source software developers with a backdoor and an information stealer as part of a ...
Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.
SearchLeak and a three-CVE LiteLLM chain broke the same AI trust boundary in two weeks. A 5-check audit maps each gap to a ...
Researchers have discovered two vulnerabilities in the widely used Cursor AI-enabled integrated development environment (IDE) ...
In 2025 and 2026, several independent sources have highlighted the same trend: Prompt injection remains one of the most ...
The gold rush of desktop AI tools has made it incredibly easy to download rogue software or fall victim to supply chain ...
Explore the latest news and expert commentary on Vulnerabilities & Threats, brought to you by the editors of Dark Reading ...
Nextcloud CEO: Open source moves from 'a nerdy audience' to the geopolitical stage Frank Karlitschek, head of the German software vendor, talked about the company’s decision to help develop the ...
University of Toronto researchers have built and tested a proof-of-concept AI-driven computer worm that uses a locally hosted open-weight large language model to reason its way through a network, ...