The risk is "materially understated", researchers are saying as passwords and critical data can be exfiltrated.

A serious security vulnerability in a widely used open-source Python component could put a large number of AI agents ...

Researchers who found the bug warn that its Moderate rating understates a threat reaching across LLM gateways, MCP servers ...

A security researcher published six vulnerabilities in llama.cpp's model-file parser to the oss-security mailing list on May 15, 2026 — and none of them carry an assigned CVE number, meaning standard ...

Millions of AI agents and tools around the world have been imperiled by a critical vulnerability that can allow hackers to ...

Open source robotics AI platform LeRobot surpassed 58,000 community datasets in 2026 — 50x growth in under a year — making it the largest dataset category on Hugging Face and signaling a ...

Google’s Project Zero demonstrates a new zero-click exploit for the Pixel 10 phones, showing a full escalation from remote to kernel without user interaction. During the investigation Project Zero ...

The ChromaToast vulnerability can be exploited by forcing the ChromaDB API server to fetch and load maliciously crafted AI ...

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations.

Microsoft broke from its regular monthly patch schedule in late May 2026 to push an emergency fix for a vulnerability that ...

Sometime around the last week of May 2026, attackers uploaded poisoned packages to three of the most widely used software ...

On May 11, the same day Google's Threat Intelligence Group disclosed the first confirmed case of attackers using AI to build ...