A Claude code plugin in an afternoon: What I learned

Plugins for AI coding tools sound like complex infrastructure. In practice, Markdown files and an HTTP API are sufficient.
CSO Online

Claude uncovers a 13‑year‑old ActiveMQ RCE bug within minutes

The decade-old ActiveMQ flaw was uncovered and weaponized in minutes, showing AI’s exploit-building potential amid the Mythos ...
CSO Online

Curity looks to reinvent IAM with runtime authorization for AI agents

Traditional authentication is incapable of securing AI agents, the company says, as it announces Access Intelligence.
SecurityWeek

Google Rolls Out Cookie Theft Protections in Chrome

Google’s Device Bound Session Credentials in Chrome protect against session cookie theft by binding authentication to the ...
The Hacker News

ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories

PM This week in cybersecurity: botnets, RCE flaws, AI-driven attacks, stealers, and more. Fast, no-fluff roundup.
InfoWorld

Tap into the AI APIs of Google Chrome and Microsoft Edge

The Chrome and Edge browsers have built-in APIs for language detection, translation, summarization, and more, using locally ...
Communications of the ACM

Subscription Bombing: Email under Attack

Email subscription bombing (also known as subscription flooding or email spam bombing) is an attack technique that overwhelms a target’s inbox with a high volume of benign but unwanted emails. The ...

AI agent credentials live in the same box as untrusted code. Two new architectures show where the blast radius actually stops.

Anthropic and Nvidia have shipped the first zero-trust AI agent architectures — and they solve the credential exposure ...

Your AI agents are already inside the building, and nobody knows who they report to – but Okta does

Okta's Ariel Kadyshevitch says visibility is the single most important thing a CISO can do right now to get non-human ...