Cursor Extension Flaw Exposes Developer API Keys
Cursor flaw lets extensions steal API keys and session tokens without user interaction, according to researchers at LayerX
20 articles
Cursor flaw lets extensions steal API keys and session tokens without user interaction, according to researchers at LayerX
Researchers uncover a malicious npm dependency linked to an AI‑assisted code commit that steals sensitive data and exposes crypto wallets
When the Iran conflict escalated the way it did, most businesses had no playbook for it. The disruption didn’t stay in the region.
KELA claims infostealers remained the primary access vector for attacks in 2025
As AI tools evolve from siloed chatbots to autonomous, hyperconnected systems, they create a vast new attack surface. Discover how to manage this risk by foc...
This week on Experts on Experts, I’m joined by Christiaan Beek, Rapid7’s VP of Threat Analytics, to talk through what we’re seeing in the 2026 threat landsca...
A man accused of working as a hacker for China's Ministry of State Security has been extradited to the USA from Italy, and faces - if found guilty - the pros...
Every security team has a version of the same story. The quarter ends with hundreds of vulnerabilities closed.
That’s a lot. No, it’s an extraordinary number: Since February, the Firefox team has been working around the clock using frontier AI models to find and fix l...
RunSafe report reveals most attacks on medical devices disrupt patient care
phpMyFAQ 4.0.
OpenKM 6.3.
Atlona ATOMERX21 - Authenticated Command Injection
How we built an open-source, drop-in CI template that uses signal extraction and LLM reasoning to catch CI/CD abuse in GitHub Actions, GitLab CI, and Azure D...
The AWS Customer Incident Response Team (AWS CIRT) regularly encounters patterns that repeat across their engagements when helping customers respond to secur...
As organizations expand their Amazon Web Services (AWS) footprint, managing secure, scalable, and cost-efficient access across multiple accounts becomes incr...
Learn how Microsoft Sentinel UEBA helps defenders distinguish benign AWS activity from attacker behavior by enriching raw CloudTrail logs with clear, binary ...
The first quarter of 2026 saw a surge in Internet disruptions, from nationwide shutdowns in Uganda and Iran to unprecedented drone strikes on cloud infrastru...