Dashlane said that attackers mounted a coordinated hacking campaign against a large base of its users in an attempt to ...
The codexui-android npm package silently exfiltrated OpenAI Codex auth tokens to an attacker server for a month, affecting 29,000 weekly downloads.
Cybersecurity researchers at Aikido Security have uncovered a malicious supply chain attack targeting OpenAI Codex developers via the npm package “codexui-android”. While the associated GitHub ...
Codex tokens were exfiltrated via a popular npm package, affecting users since v0.1.82 and enabling persistent account access ...
A serious security vulnerability in a widely used open-source Python component could put a large number of AI agents ...
The post Benchmarking AI Pentesting Tools: A Practical Comparison appeared first on Escape – Application Security & Offensive Security Blog. Agentic pentesting isn't just another flavor of scanner.
Abstract: Public-key digital certificates have been widely used in public-key infrastructure (PKI) to provide user public key authentication. However, the public-key digital certificate itself cannot be ...
Google Cloud API keys, normally used as simple billing identifiers for APIs such as Maps or YouTube, could be scraped from websites to give access to private Gemini AI project data, researchers from ...
Security researcher demonstrates how attackers can hijack Anthropic’s file upload API to exfiltrate sensitive information, even with network restrictions enabled. A newly disclosed vulnerability in ...
On October 25, 2025, Japan time, the safety team at X (formerly Twitter) called on users to re-register the security keys they use for two-factor authentication when logging into their accounts. This ...
The platform’s lifecycle management, cross-app access, and verifiable credentials aim to reduce attack surfaces and ensure compliance as AI agents gain elevated access across enterprise systems.