InfoWorld

FastAPI-based AI tools exposed to authentication bypass by flaw in Starlette framework

Researchers who found the bug warn that its Moderate rating understates a threat reaching across LLM gateways, MCP servers ...
InfoWorld

Anthropic acquires Stainless to strengthen Claude’s developer tooling

The deal gives Anthropic tighter control over how developers connect Claude to software and business systems as AI vendors ...
Microsoft

Breaking the code: Multi-stage ‘code of conduct’ phishing campaign leads to AiTM token compromise

Phishing campaigns continue to improve sophistication and refinement in blending social engineering, delivery and hosting infrastructure, and authentication abuse to remain effective against evolving ...
Bleeping Computer

New npm supply-chain attack self-spreads to steal auth tokens

A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts. The threat ...
VentureBeat

We tested Anthropic’s redesigned Claude Code desktop app and 'Routines' — here's what enterprises should know

VentureBeat made with Google Gemini 3.1 Pro Image The transition from AI as a chatbot to AI as a workforce is no longer a theoretical projection; it has become the primary design philosophy for the ...
Krebs on Security

Russia Hacked Routers to Steal Microsoft Office Tokens

Hackers linked to Russia’s military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users, security experts warned today.
Microsoft

Inside an AI‑enabled device code phishing campaign

Microsoft Defender Security Research has observed a widespread phishing campaign leveraging the device code authentication flow to compromise organizational accounts at scale. While traditional device ...
CSOonline

EvilTokens abuses Microsoft device code flow for account takeovers

A new phishing-as-a-service (PhaaS) campaign is abusing Microsoft’s device code authentication flow to gain unauthorized access to user accounts. Sekoia researchers first spotted the toolkit ...
SiliconANGLE

OpenAI Codex vulnerability enabled GitHub token theft via command injection, report finds

A critical vulnerability in OpenAI Group PBC’s Codex coding agent could have exposed sensitive GitHub authentication tokens through a command injection flaw, according to a new report out today from ...
Biometric Companies

AI agent identity and next‑gen enterprise authentication prominent at RSAC 2026

Passwordless authentication for humans and non-human identities is emerging as a key theme of RSA Conference 2026, with vendors rolling out new hardware, biometric and passwordless technologies ...
GitHub

becpg/becpg-java-rest-api

1.1.5 >= 4.2.3 >= 3.5 (Partial support on >=3.3) JAVA 17 Fix cm:person charact and single assoc 1.1.4 >= 4.2.3 >= 3.5 (Partial support on >=3.3) JAVA 17 Fix Memory ...
The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

Cybersecurity researchers have disclosed what they say is an active "Shai-Hulud-like" supply chain worm campaign that has leveraged a cluster of at least 19 malicious npm packages to enable credential ...