ThreatsDay Bulletin covers AI abuse, poisoned packages, phishing, macOS attacks, SD-WAN flaws, scams, and supply-chain ...

A three-CVE chain lets any default LiteLLM user escalate to admin and get a shell on the gateway server. A separate RCE is ...

Three LiteLLM flaws let low-privilege users gain admin access and run code, exposing AI keys, secrets, prompts, and responses ...

A San Francisco company paid nearly $1 million for the solution to an unsolved code in Kryptos, a sculpture on the C.I.A.

As if the Miasma situation weren't bad enough, now this weapon is spreading like wildfire. Someone open sourced the entire ...

The company that launched ChatGPT in 2022 is now betting its future on something closer to WeChat than a Q&A box.

Agentic AI security dominated Infosecurity Europe 2026 as Toronto researchers proved a free open-weight AI worm can ...

A newly discovered malware campaign targeting the open source software ecosystem underscores how rapidly supply chain threats are evolving. The campaign, which JFrog has dubbed "IronWorm," targets ...

On Monday, Russian users found they could no longer reach PyPI, the package repository that Python developers rely on for ...

One of the many benefits of using iMessage is that you know your conversations are always end-to-end encrypted. That level of security has never previously extended to green bubble conversations. But ...