Three popular plugins served malicious JavaScript through a compromised CDN.

Security vendors and their customers have spent considerable time debating where to draw the line between “legitimate” AI agents and “malicious” bots. A 31-day campaign against a major consumer ...

New integration makes AI visibility, governance, and risk mitigation for Claude Enterprise and Claude Platform part of extended attack surface management ...

APi Group Corporation (NYSE: APG) (“APi” or the “Company”), a global, market-leading business services provider of safety and specialty services, today announced its debut on the 2026 Fortune 500 list ...

Cloudflare VoidZero acquisition gives a competing CDN governance of Vite, the open source JavaScript build tool with 130 ...

Founded by Evan You, VoidZero was created with the goal of building a unified, high-performance JavaScript toolchain. Rather than focusing on a single framework, the ...

Anthropic acquired Stainless, the SDK compiler behind OpenAI, Gemini and Llama. The deal hands one AI lab structural leverage over rivals' developer ecosystems.

A hardcoded ClickUp API key exposed hundreds of corporate and government emails for over a year, raising new SaaS security concerns. A hardcoded API key embedded in ClickUp’s public website has ...

Abstract: Many JavaScript applications perform HTTP requests to web APIs, relying on the request URL, HTTP method, and request data to be constructed correctly by ...

A large-scale cybersecurity study has revealed a serious global web security issue involving exposed API credentials tied to major platforms, including Amazon Web Services, Stripe, and OpenAI. After ...

New research has found that Google Cloud API keys, typically designated as project identifiers for billing purposes, could be abused to authenticate to sensitive Gemini endpoints and access private ...