SecurityWeek

Exploitable CI/CD Vulnerabilities Expose Millions of Repositories to Hijacking

Cordyceps, a systemic class of exploitable CI/CD vulnerabilities, allows unauthenticated attackers to hijack developer ...
Unite.AI

OpenAI’s Daybreak Wants to Own the Patch, Not Just the Bug

OpenAI expanded its Daybreak security program on June 22, 2026, and it's easy to read the announcement as one more model drop ...

New Apple Exploit Exposes Millions of iPhones Worldwide, No Software Fix Available

Researchers disclosed usbliter8, a SecureROM exploit affecting older Apple devices that can bypass boot protections with ...
GitHub

crashoz/mcp-exploit-tools

📖 Docs site: https://crashoz.github.io/mcp-exploit-tools/ — the exploit write-ups, rendered. A minimal, low-level MCP server with zero third-party dependencies ...
The Hacker News

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel artifacts across 19 packages in the Python Package Index (PyPI) registry, as the ...
The Hacker News

Hacking Salesforce Sites With an LLM Agent

AI is changing the security landscape. More and more threat groups incorporate LLMs into their reconnaissance and exploitation workflows. The notion that some vulnerabilities are too complex to ...
GitHub

detection-engineering

Complete 90-day learning path for AI security: ML fundamentals → LLM internals → AI threats → Detection engineering. Built from first principles with NumPy implementations, Jupyter notebooks, and ...