Today’s attack surface is shifting from the endpoint to the API, and AI and third-party SaaS are worsening the issue. CISOs offer advice for API defense. Recent breaches suggest attackers are shifting ...

TL;DR AI risk doesn’t live in the model. It lives in the APIs behind it. Every AI interaction triggers a chain of API calls across your environment. Many of those APIs aren’t documented or tracked.

Fake Antigravity downloads are enabling fast account takeovers using hidden malware and stolen session cookies.

In today's security landscape, some of the most dangerous vulnerabilities aren't flagged by automated scanners at all. These ...

Thanks to Anthropic's Mythos presaging a world in which zero-day exploits are common, one cybersecurity expert says the new mantra is this: "assume you are unpatched." Vendors and customers must focus ...

How API keys of multiple Vercel customers led to the compromise of Vercel's environment variables marked as “sensitive.” ...

From CRM systems and collaboration tools to productivity suites and line-of-business applications, Software-as-a-Service ...

Here''s a scenario that might sound familiar. A company spends months rolling out a robust cloud security stack. CSPM tools?

Attackers can abuse the near-maximum severity flaw in nginx-ui to restart, create, modify, and delete NGINX configuration ...

Email subscription bombing (also known as subscription flooding or email spam bombing) is an attack technique that overwhelms ...

The US-China gap in top AI model performance has effectively closed, according to a 2025 report from Stanford University's ...

A convincing impersonation of TidBITS contributor Glenn Fleishman on our public Slack group fooled an experienced IT ...