Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...
Microsoft Threat Intelligence identified an active multi-stage intrusion campaign targeting hospitality organizations in ...
The accessibility tree decides whether an AI agent can read and act on your page. The 2026 data says the web is getting ...
JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.
Add Decrypt as your preferred source to see more of our stories on Google. Bumblebee is a free, open-source tool that checks developer computers for compromised software, browser extensions, and AI ...
The first half of this year has been marked by a series of attacks on supply chains in the npm and PyPi ecosystems—and the culprit is TeamPCP, which stepped up the attacks as the months rolled on. But ...
On May 11, 2026, a self-replicating worm called Mini Shai-Hulud quietly slipped into 42 widely used TanStack open-source packages, corrupting 84 npm artifacts before anyone noticed. Within hours, the ...
TeamPCP, the threat actor behind the recentsupply chain attack spree, has been linked to the compromise of the npm and PyPI packages from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI as ...