Google expands Android developer verification globally after September rollout, adding authentication and delays to ...

Unit 42 found excessive P4SA permissions in Vertex AI, enabling credential theft and cloud data exposure, increasing breach ...

AI weaponizes the kill chain across hours or days, forcing continuous exposure and agentic defense to reduce exploitation ...

Axios 1.14.1 and 0.30.4 injected malicious plain-crypto-js@4.2.1 after npm compromise on March 31, 2026, deploying ...

CVE-2026-3502 (CVSS 7.8) exploited in early 2026 via TrueConf updates, enabling Havoc malware deployment across government ...

AtlasCross RAT spreads via 11 fake domains registered October 27, 2025, enabling encrypted C2 control and persistence.

ChatGPT and Codex flaws patched Feb 2026 exposed DNS exfiltration and GitHub tokens, raising enterprise AI security risks.

Authentication Failures (A07) show the largest gap in the dataset: a 48-percentage-point difference between leaders and the field. Leaders fix at nearly 60%, while the field sits at roughly 12%.

M secrets leaked in 2025, up 34% YoY, driven by AI growth and poor remediation, expanding enterprise attack surfaces.

Russian CTRL toolkit spread via malicious LNK files in February 2026, routing C2 through FRP-tunneled RDP to evade detection.

Coruna reuses Triangulation kernel exploits targeting iOS 13–17.2.1 devices, expanding attacks into mass exploitation ...

Three LangChain flaws enable data theft across LLM apps, affecting millions of deployments, exposing secrets and files.