CSO Online

Claude Code has an MCP security problem — and your developers are already using it

The Mitiga disclosure is the most recent, but it is not the first time Claude Code’s configuration model has created a ...
The Hacker News

IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks

Multiple npm supply chain attacks used 50+ poisoned packages to spread IronWorm, a Rust-based stealer, and a Miasma worm ...
The Hacker News

Autonomous AI Tool Finds 2-Year-Old RCE Flaw in Redis (CVE-2026-23479)

Redis CVE-2026-23479 enables authenticated RCE; affecting versions since 7.2.0, patched May 5 to reduce exploitation risk.

'Please do not vibe f--- up this software': Broken backups spark AI coding row in rsync project

Users probe backup failures find Claude-assisted commits. Veteran engineer retorts: 'I did not just vibe-code 'convert test ...

Token Security Launches Enzo, the AI-Native Application Builder That Operationalizes Identity Security

“Identity is the only control plane that successfully secures agentic AI,” said Itamar Apelblat, CEO and co-founder of Token ...

Cisco Warns Agentic AI Will Put New Pressure on Enterprise Networks

Cisco executives said agentic AI could triple network traffic, creating new infrastructure and security demands for ...

Enterprise AI’s Security Time Bomb Is Ticking. Cisco Shares Its Plan.

Cisco warns AI is cutting attack timelines from weeks to minutes. Agents, identity gaps, and scale are creating risks most ...
Dark Reading

Attackers Use AI to Automate EDR Evasion Testing

Python scripts were used to test malware against endpoint detection and response agents from Sophos, CrowdStrike, and Windows ...
InfoWorld

Google brings local AI agents to laptops with Gemma 4 12B

The release moves agentic AI closer to users, but enterprises must still overcome hardware and security hurdles.
Tech Times

Red Hat npm Packages Compromised, 57 More Follow: Signed Attestations Cannot Block Pipeline Hijack

Miasma compromised 32 Red Hat packages June 1 via a hijacked CI/CD pipeline producing valid SLSA attestations, then hit 57 more June 3 using Phantom Gyp to evade install monitors. Red Hat confirmed no ...

Red Hat hit by npm supply‑chain attack - here's how to stay safe

Days after IBM and Red Hat announced a master security plan for open-source software, Red Hat suffers a major breach of its ...

Why AI systems may never be secure, and what to do about it

THE PROMISE at the heart of the artificial-intelligence (AI) boom is that programming a computer is no longer an arcane skill: a chatbot or large language model (LLM) can be instructed in simple ...