Wordfence has blocked 17M+ exploit attempts targeting a Gravity SMTP bug that leaks API keys, OAuth tokens, and full system reports without authentication.
Gravity SMTP WordPress vulnerability CVE-2026-4020 has drawn 17 million automated exploit attempts since May 2026, draining ...
Attackers are exploiting CVE-2026-4020 in Gravity SMTP to leak API keys, OAuth tokens, and system data from WordPress sites.
At least 15 malicious plugins found on the JetBrains Marketplace were designed to steal AI API keys from developers. The campaign, discovered by Aikido Security, includes plugins that act as AI coding ...
At least 15 plug-ins for JetBrains IDEs transmit API keys to an external server, while otherwise offering their promised functions.
Attackers are actively exploiting path traversal and SQL injection in Langflow, LangGraph, and LangChain — below where your ...
A new framework called SkillWeaver tackles AI agent tool routing by skipping full-library loading, cutting token use 99% on ...
New solution replaces static, permanent API keys with dynamic, revocable, least-privilege credentials designed to ...
Jamf says the Rust-based PamStealer targets Apple Silicon Macs, steals browser, wallet, Keychain, and clipboard data, and persists.
The next generation of the Model Context Protocol (MCP) enables enterprise-scale AI deployments but shifts critical security ...
TL;DR Why EN 303 645 matters ETSI EN 303 645 has given consumer IoT security a much-needed baseline. It gives manufacturers, assessors, and product teams a shared view of reasonable IoT security and ...
Zug, Switzerland, June 4th, 2026, ChainwireFirst initiative of the Casper Manifest ships to mainnet; $150,000 Agentic ...