May 2026 dropped three critical Linux vulnerabilities on a near-weekly cadence, and the security discourse has mostly treated them as three separate bad days. They’re not. Together they form a ...

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious ...

A fake repository mimicking OpenAI’s Privacy Filter on Hugging Face accumulated ~244,000 downloads before being removed. It delivered a multi-stage Rust infostealer ...

I stopped manually cleaning spreadsheets after Claude did it in minutes, and it's what it does better than any other AI.

Google's GTIG identified the first zero-day exploit developed with AI and stopped a mass exploitation event. The report documents state actors using AI for vulnerability research and autonomous ...

Google says attackers are using AI for zero-day research, malware development, reconnaissance, and access to premium AI tools ...

TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...

Fake OpenAI Privacy Filter hit #1 on Hugging Face with 244,000 downloads, spreading infostealer malware to Windows users.

A 6MB editor quietly replacing tools that cost ten times more.

The terminal is fine. But if you actually want to live in your Hermes agent, here are the four best GUIs the community has ...

Do we even need Anthropic or OpenAI's top models, or can we get away with a smaller local model? Sure, it might be slower, ...

The post How Escape AI Pentesting Exploited SSRF in LiteLLM appeared first on Escape – Application Security & Offensive Security Blog. At Escape, we routinely test the AI infrastructure that teams ...