cybernews

AI platform Dify, with 10 million installs, exposes users to one-click account takeover

Dify, a popular low-code AI application development platform with over 142,000 stars on GitHub, was found to contain critical vulnerabilities that allowed a one-click account takeover. Imperva ...

Max-severity flaw in ChromaDB for AI apps allows server hijacking

A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to ...

Four AI supply-chain attacks in 50 days exposed the release pipeline red teams aren't covering

Four supply-chain attacks hit OpenAI, Anthropic, and Meta in 50 days — none inside the model. A 7-row matrix maps what AI ...

Digi International Launches Digi Connect EZ TS Serial Device Servers, Enabling Secure Transition to Modern IP Networks

Digi International Launches Digi Connect EZ TS Serial Device Servers, Enabling Secure Transition to Modern IP Networks ...
The New York Times

4 Easy Ways to Make Sure No One Can Read Your Text Messages

We independently review everything we recommend. When you buy through our links, we may earn a commission. Learn more› By Max Eddy Max Eddy is a writer who has covered privacy and security — including ...
PC Magazine

The Best Hardware Security Keys for 2026

Protecting your online accounts is crucial, and a hardware security key is one of your most effective defenses. These are the top security keys we've tested for keeping your information private and ...
Hackaday

This Week In Security: AI Generated Reports, More AI Generated Reports, GitHub Chaos, And More Linux Vulnerabilities

Google’s Project Zero demonstrates a new zero-click exploit for the Pixel 10 phones, showing a full escalation from remote to kernel without user interaction. During the investigation Project Zero ...