CSO Online

Unpatched ChromaDB flaw leaves servers open to remote code execution

The ChromaToast vulnerability can be exploited by forcing the ChromaDB API server to fetch and load maliciously crafted AI ...

Max-severity flaw in ChromaDB for AI apps allows server hijacking

A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to ...

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...
Tech Times

AI vs AI Cybersecurity: Sysdig Documents First LLM-Agent Intrusion in the Wild

AI vs AI cybersecurity arrived in documented form on May 10, when an LLM agent drove a four-pivot intrusion to database exfiltration in under an hour with no human direction. CrowdStrike data puts ...
InfoWorld

Microsoft’s open-source toolkit for controlling out-of-control AI agents

The Agent Governance Toolkit brings runtime policy enforcement to autonomous agents, targeting the OWASP top 10 agent risks.
Windows Report

Microsoft Warns Storm-2949 Is Stealing Data From Microsoft 365 And Azure

Microsoft says Storm-2949 targets Microsoft 365 and Azure environments using MFA abuse, password resets, and cloud data theft ...

Microsoft Self-Service Password Reset abused in Azure data theft attacks

A threat actor targeting Microsoft 365 and Azure production environments is stealing data in attacks that abuse legitimate ...
InfoWorld

FastAPI-based AI tools exposed to authentication bypass by flaw in Starlette framework

Researchers who found the bug warn that its Moderate rating understates a threat reaching across LLM gateways, MCP servers ...
Analytics Insight

Anthropic Acquires Stainless for Over $300M to Strengthen AI SDK and Tool Access

Anthropic has completed the acquisition of the developer tools startup Stainless, bringing a widely used software platform in ...

Anthropic Buys Stainless To Cut Off OpenAI And Google SDK Access

Anthropic acquired Stainless, the SDK toolmaker behind OpenAI and Google, then shut the hosted products down for rivals.
Microsoft

How Storm-2949 turned a compromised identity into a cloud-wide breach

Storm-2949 turned stolen credentials into a cloud-wide breach, moving from identity compromise to large-scale data theft ...

Keycard Launches Identity and Access for Multi-Agent Apps

Keycard for Multi-Agent Apps Lets Developers Build Secure Autonomous Applications Where Access is Delegated Between Agents, on a Per-Task Basis, Without Standing PrivilegesSAN FRANCISCO, May 14, 2026 ...