Today’s attack surface is shifting from the endpoint to the API, and AI and third-party SaaS are worsening the issue. CISOs offer advice for API defense. Recent breaches suggest attackers are shifting ...

TL;DR AI risk doesn’t live in the model. It lives in the APIs behind it. Every AI interaction triggers a chain of API calls across your environment. Many of those APIs aren’t documented or tracked.

A simple brute-force method exploits AI randomness to generate restricted outputs. Here’s how it puts your data, brand, and ...

Exposed LLM servers are being actively scanned and exploited. Learn how attackers find misconfigured AI infrastructure and ...

Fake Antigravity downloads are enabling fast account takeovers using hidden malware and stolen session cookies.

Thanks to Anthropic's Mythos presaging a world in which zero-day exploits are common, one cybersecurity expert says the new ...

How API keys of multiple Vercel customers led to the compromise of Vercel's environment variables marked as “sensitive.” ...

The moment AI agents started booking meetings, executing code, and browsing the web on your behalf, the cybersecurity conversation shifted. Not slowly, but instead overnight.What used to be a ...

From CRM systems and collaboration tools to productivity suites and line-of-business applications, Software-as-a-Service ...

Employees are using unapproved AI tools. Learn the risks of shadow AI, including data leaks and identity sprawl & how ...

Attackers can abuse the near-maximum severity flaw in nginx-ui to restart, create, modify, and delete NGINX configuration ...

A convincing impersonation of TidBITS contributor Glenn Fleishman on our public Slack group fooled an experienced IT ...