InfoWorld

New npm worm hits CI pipelines and AI coding tools

Researchers warn malicious packages can harvest secrets, weaponize CI systems, and spread across projects while carrying a dormant wipe mechanism.
IEEE

Using AI to Inject Vulnerabilities in Python Code

Abstract: Developing software that is free of vulnerabilities is an ongoing challenge for developers, as their impact may not be apparent until they are exploited. Although security tools can help ...
Cloud Security Alliance

Logic-Layer Prompt Control Injection (LPCI): A Novel Security Vulnerability Class in Agentic Systems

As AI agents evolve and become increasingly autonomous, they gain the ability to perform complex tasks without direct human intervention. This capability, however, introduces new and sophisticated ...