Multiple threat actors are abusing the GitHub API to discover organizations’ repositories and members via ghost accounts.
The identity layer for AI agents is finally being built. What MCP, A2A and new research delivered since March, and what's ...
New VentureBeat survey data: 69% of enterprises share AI agent credentials, letting one compromised agent inherit the access ...
According to Socket, malicious payment SDK packages on npm and PyPI are harvesting developer credentials and CI/CD ...
Malicious packages on the Node Package Manager (npm) and the Python Package Index (PyPI) delivered stealer malware to ...
Refael Angel, Co-Founder and CTO of Akeyless, is a cybersecurity and software engineering leader with deep experience in ...
Machine identities now outnumber human users across most enterprises, yet many remain unmanaged, overprivileged, and ...
The FBI warned that TeamPCP software supply chain attacks targeted developer tools to steal cloud credentials, SSH keys, and ...
An attacker broke into competitive-intelligence vendor Klue, stole OAuth tokens its customers use to connect to Salesforce and other platforms, and accessed data across multiple customer environments ...
Threat actors are exploiting a recently patched security flaw impacting Gravity SMTP, a WordPress plugin that's installed on about 100,000 sites. The vulnerability, tracked as CVE-2026-4020 (CVSS ...
Much has been written about how the days of phishing emails laden with broken grammar and crude design are numbered, largely thanks to AI. Meanwhile, EvilTokens offers a somewhat different example of ...
OpenAI is considering drastically lowering the prices it charges users as it seeks to win customers from its rival Anthropic. The company is weighing significant cuts to what it charges for tokens, ...