If you are building a simple dashboard or a form-based application, the traditional JSON API (REST or GraphQL) approach is ...

Kazuar, a sophisticated malware family attributed to the Russian state actor Secret Blizzard, has been under constant development for years and continues to evolve in support of espionage-focused ...

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious ...

TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...

A fake repository mimicking OpenAI’s Privacy Filter on Hugging Face accumulated ~244,000 downloads before being removed. It delivered a multi-stage Rust infostealer ...

Whether you want simple fire-and-forget alerts or full two-way control, here's how to securely wire your AI agent into Slack.

Fake OpenAI Privacy Filter hit #1 on Hugging Face with 244,000 downloads, spreading infostealer malware to Windows users.

A 6MB editor quietly replacing tools that cost ten times more.

ESP-Claw turns your ESP32 into a full fledged AI agent, with web search and Telegram support.

MegaConvert.io is a free online file converter that supports 500+ format pairs in 47 languages - convert PDF, images, video, audio, ebooks, and more from any browser in seconds, with no signup required ...

Structured data capture in Revvity Signals One turns lab data into searchable, auditable records for real-time analytics and ...

The post How Escape AI Pentesting Exploited SSRF in LiteLLM appeared first on Escape – Application Security & Offensive Security Blog. At Escape, we routinely test the AI infrastructure that teams ...