When OpenAI engineers discovered that a poisoned update to a widely used JavaScript library had executed on two corporate ...

Attackers performed an email takeover attack on a dormant maintainer account and published new node-ipc versions containing ...

Sure, AI agents such as Mythos can find security vulnerabilities in software, but the bigger question is whether they can ...

A poisoned open-source dependency let attackers breach two OpenAI employee devices and steal credentials from a limited set of its internal source code repositories, OpenAI confirmed in a May 14, 2026 ...

Microsoft warned Exchange Server customers about critical OWA vulnerability CVE-2026-42897 affecting on-premises deployments.

On Thursday, Microsoft shared mitigations for a high-severity Exchange Server vulnerability exploited in attacks that allow ...

OpenAI said it found no evidence that user data was accessed after a supply-chain attack involving the TanStack npm library.

Researchers say the campaign uses a browser-based JavaScript VM to hide credential theft and intercept MFA at scale.

OpenAI reported no user data compromise after a supply-chain attack targeting the TanStack npm library, part of the broader ...

OpenAI confirmed on Wednesday that it found no evidence suggesting user data was compromised following a security incident ...

Microsoft Threat Intelligence said attackers placed malicious code inside a Mistral AI download distributed through a Python ...

Developers are being hit with massive, unexpected charges, sometimes over $67,000, because Google’s budget alerts and fraud ...