AI flaw-finder still under lock and key for now while company figures out guardrails, but made available to more users including governments

Or is it just life today, with AI constantly digging through code repositories in search of security holes?

Dirty Frag, Copy Fail, and Fragesia show the new reality

Hey, Gemini, how much can we earn from one pump-and-dump cycle?

Will Jason Statham save us?

Customers' info potentially handed to anyone who could send an HTTP request

Youll need a lot of detailed prompts to get solid output - and even then it may have errors and typos

'Budgets are moral documents,' Rep. Delia Ramirez said

Plenty of time for bad actors to grab data or hit you with a giant bill

Critical flaw payouts slashed by more than 75%

Leakage blamed on treacherous friends exposed unencrypted credentials, email addresses

Switchzilla says attackers could access sensitive data and make configuration changes across tenant boundaries through vulnerable internal APIs

Redmond open sources two tools for building and maintaining safer agents

Failing to disable a former employees account was a huge mistake

Another day, another AI bug silently fixed with no CVE and no public disclosure

Initial assessment says customer data spared while users wonder what else may have slipped out

A Freedom of Information Act request shows the extent of the surveillance

'Thousands' of US victims, including 12+ machines owned and operated by Redmond

I wonder what's in 'external-secret-repo-creds.yaml' and 'AWS-Workspace- Firefox-Passwords.csv'?

I wonder what's in 'external-secret-repo-creds.yaml' and 'AWS-Workspace- Firefox-Passwords.csv'?

The orgs staying mum on the details, but Wednesdays fixes reach back to unsupported 8.9 branches

While also spoofing all the trusted domains - Apple, Microsoft, and Google - in the same attack

Plus three other stealers in three other packages, all from the same scumbag

Plus ModuleJail, a radical proposal for minimizing the impact of similar bugs

Shai-Hulud worm exploited GitHub Actions misconfiguration to poison shared cache, now project weighing nuclear option on unsolicited contributions

Researchers say 18-year-old flaw already being probed and exploited just days after disclosure

Shift comes amid mounting reports of successful social engineering attacks targeting higher-ups in government

MoD says StormBreaker will plug gap until homegrown SPEAR 3 integration lands

Firefox maker says the tools are basic security infrastructure, not teenage contraband

No customer info stolen, no impact to operations, and no blackmail payment

Multiple researchers using the same tools to find the same bugs are creating unnecessary pain and pointless work

Attackers stole a limited amount of internal credential material after malware hidden in poisoned packages reached two staff machines

Parliamentary committee tells ministers online safety regime is failing children and warns 'no action is not an option'

Other than Instructure execs - maybe?

Owe Martin Andresen faces charges in both US and Germany connected with money laundering, claims he sent gold bars directly to his doorstep

Fresh kernel flaw comes with public exploit code and continues ugly run of highly reliable privilege escalation bugs tied to memory and page-cache handling

Human IT managers thought they were being nice to the boss, but were assisting a threat actor

UK researchers find LLMs are learning to finish jobs faster and improving all the time

Reducing memory requirements to control costs in a new wave of kit

Palo Alto Networks found and fixed 75 flaws this month, up from its usual five