TL;DR AI risk doesn’t live in the model. It lives in the APIs behind it. Every AI interaction triggers a chain of API calls across your environment. Many of those APIs aren’t documented or tracked.
Harvester deploys Linux GoGra via Microsoft Graph API in South Asia, targeting India and Afghanistan since 2021, enabling ...
A new financially motivated hacking group tracked as BlackFile has been linked to a wave of data theft and extortion attacks ...
Self-propagating npm worm steals tokens via postinstall hooks, impacting six packages and expanding supply chain attacks.
Attackers published a malicious command-line version of the popular open-source password manager to the npm registry and may ...
How API keys of multiple Vercel customers led to the compromise of Vercel's environment variables marked as “sensitive.” ...
A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts.
The China-linked APT GopherWhisper has been using legitimate services and various Go-based backdoors in attacks.
Someone misused Rec Room's friend-finder feature to match phone numbers to the user names of hundreds of thousands of players ...
Bitwarden CLI 2026.4.0 was compromised in a supply chain attack that targets crypto wallet keys, SSH keys, and CI/CD secrets.
New voice APIs from xAI, ElevenLabs, OpenAI, Microsoft lower barriers to synthetic speech, challenging trust in voice ...
For context, npm is like an app store for code, facilitating speedy development by enabling managing and reusing code instead ...