News 3 min read
GitGuardian 2026: 29 million secrets on GitHub, AI makes it worse
GitGuardian's State of Secrets Sprawl 2026 report reveals 29 million hardcoded secrets on GitHub. AI commits leak 2x more, and 70% of 2022 secrets are still valid.
Vulnerabilities 3 min read
ChatGPT vulnerability: silent conversation exfiltration via a single prompt
Check Point reveals a ChatGPT flaw enabling conversation and file exfiltration through a hidden DNS channel. Patched by OpenAI on February 20, 2026.
Threat Intelligence 2 min read
LiteLLM compromised on PyPI: TeamPCP chains Trivy, Checkmarx, LiteLLM in 5 days
TeamPCP compromised LiteLLM on PyPI on March 24, 2026 via a cascading supply chain attack. 95 million monthly downloads, credentials stolen.
Vulnerabilities 2 min read
CVE-2026-26144 (Excel/Copilot): silent data exfiltration via AI
A flaw in Microsoft Excel allows Copilot Agent to exfiltrate data without user interaction. Zero-click, critical, patch available since March 10.
Tutorials 2 min read
Claude Chrome extension flaw: how to audit your browser extensions
A vulnerability in Anthropic's Claude Chrome extension allowed silent prompt injection. Practical guide to auditing and securing your browser extensions.
Tools 2 min read
LangChain: 3 flaws expose your data, secrets, and AI conversations
Three vulnerabilities discovered in LangChain and LangGraph expose filesystem data, environment secrets, and conversation history. 52 million weekly downloads.
Compliance 3 min read
EU AI Act: what cyber teams must prepare before August 2026
The EU AI regulation enters full application on August 2, 2026. Cybersecurity requirements, timeline, penalties, and preparation guide for CISOs.
Tutorials 3 min read
OWASP Top 10 LLM: the 10 security risks of AI applications
Complete guide to the OWASP Top 10 for LLM applications. Prompt injection, data exfiltration, model poisoning: understand and defend.
Tools 2 min read
Sec-Gemini: Google invests $12.5M in AI-powered open source security
Google, Amazon, Microsoft, Anthropic and OpenAI collectively invest $12.5M to secure open source. Big Sleep and CodeMender find vulnerabilities automatically.
Vulnerabilities 2 min read
CVE-2026-33017 (Langflow): CVSS 9.3, exploited within 20 hours
Technical analysis of CVE-2026-33017, a critical Langflow vulnerability allowing unauthenticated remote code execution. Exploited within 20 hours of disclosure.
Tutorials 3 min read
Shadow AI: 76% of companies affected, how to regain control
Shadow AI is now the top enterprise risk. 76% of organizations are affected and 31% don't know if an AI breach has occurred. Practical detection and governance guide.