News

The Hacker News

SilentSync RAT Delivered via Two Malicious PyPI Packages Targeting Python Developers

Zscaler reveals SilentSync remote access trojan hidden in two malicious PyPI Python packages, risking browser data theft and ...
Security Boulevard

How Tenable Found a Way To Bypass a Patch for BentoML’s Server-Side Request Forgery Vulnerability CVE-2025-54381

Tenable Research recently discovered that the original patch for a critical vulnerability affecting BentoML could be bypassed ...
Cloud Security Alliance

API Security in the AI Era

Learn how AI-driven APIs reshape threat models and discover actionable security practices to protect data and prevent ...
Security Boulevard

Sandboxed to Compromised: New Research Exposes Credential Exfiltration Paths in AWS Code Interpreters

In my first article on Bedrock AgentCore Code Interpreters, I demonstrated that custom code interpreters can be coerced into performing AWS control plane actions by non-agentic identities. This ...