CPO Magazine

Axios Supply Chain Attack Hits OpenAI: Users Urged to Update macOS Certificates

The supply chain attack on third-party library Axios has forced OpenAI to revoke its code-signing certificate and require ...

How AI is changing the rules of cybersecurity

“Traditional security focused on obvious malicious inputs. With AI, attacks can be hidden in natural language, embedded in ...
DataBreachToday

Breach Roundup: Mr. Raccoon Wants Your Password

This week, a "Raccoon"-linked actor hit help desks, Eurail exposed 308K users, Fortinet patched critical flaws, Pushpaganda ...
The Next Web

Someone bought 30 WordPress plugins and planted backdoors in all of them

An attacker purchased 30+ WordPress plugins on Flippa, planted backdoors that lay dormant for eight months, then activated ...
The Caledonian-Record

Aware Finds 98% of Organizations Signal Urgent Need for Biometric Orchestration as AI-Driven ...

A new report, The State of Biometric Security in the Age of AI Fraud, from Aware, Inc. (NASDAQ: AWRE), a global leader ...
DataBreachToday

Grafana AI Bug Leaks Data With Zero-Click Exploit

A Grafana AI flaw enables zero-click data exfiltration by hiding malicious prompts in URLs, said a Noma Security report.
Computer Weekly

April Patch Tuesday brings zero-days in Defender, SharePoint Server

The latest monthly Patch Tuesday update from Microsoft landed earlier on 14 April, including two notable zero-day flaws amid ...

Man City beat Chelsea to turn up heat on Arsenal

Manchester City take full advantage of leaders Arsenal's slip-up with victory at Chelsea to ignite an enthralling Premier ...
Cybernews

Axios patches critical vulnerability that allows attackers to steal cloud credentials

Axios, a widely used JavaScript library, is affected by a new critical vulnerability that enables attackers to chain exploits ...
The Next Web

Anthropic, Google, and Microsoft paid AI agent bug bounties, then kept quiet about the flaws

Researchers hijacked Claude, Gemini, and Copilot AI agents via prompt injection to steal API keys and tokens. All three ...

Microsoft patched a Copilot Studio prompt injection. The data exfiltrated anyway.

Microsoft assigned CVE-2026-21520 to a Copilot Studio prompt injection vulnerability and patched it in January — but in ...
The Hacker News

New PHP Composer Flaws Enable Arbitrary Command Execution — Patches Released

Two Composer flaws (CVE-2026-40176, CVE-2026-40261) allow command execution via Perforce configurations, prompting urgent ...