Security Boulevard

Attacking the MCP Trust Boundary

Every secure API draws a line between code and data. HTTP separates headers from bodies. SQL has prepared statements. Even email distinguishes the envelope from the message. The Model Context Protocol ...
Decrypt

OpenAI Just Open-Sourced a Tool That Scrubs Your Secrets Before ChatGPT Ever Sees Them

OpenAI has released Privacy Filter: a small, free model that masks sensitive info before you paste it into an AI chatbot.
The Hacker News

Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens

Self-propagating npm worm steals tokens via postinstall hooks, impacting six packages and expanding supply chain attacks.

New GoGra malware for Linux uses Microsoft Graph API for comms

A Linux variant of the GoGra backdoor uses legitimate Microsoft infrastructure, relying on an Outlook inbox for stealthy ...

Three AI coding agents leaked secrets through a single prompt injection. One vendor's system card predicted it

A prompt injection attack hit Claude Code, Gemini CLI, and Copilot simultaneously. Here's what all three system cards reveal ...

I got an early look at ChatGPT Images 2.0, and it's impressive - with one exception

Many of us have long struggled to convince ChatGPT to generate images in a specific desired aspect ratio. Often, the AI ...
The Next Web

GitHub freezes new Copilot sign-ups as agentic AI breaks the economics of flat-rate developer subscriptions

GitHub has paused new Copilot Pro, Pro+, and Student sign-ups as agentic AI workflows generate costs exceeding monthly plan ...
eWeek

Anthropic's Opus 4.7 Sets a New Benchmark Bar

Claude Opus 4.7 is Anthropic's newest flagship model, boasting a jump to 64.3% on SWE-bench Pro (a brutal test of fixing real ...
Security Boulevard

GitHub Actions Supply Chain Attack: Trivy Breach & Workflow

Breakdown of the Trivy GitHub Actions attack, including workflow misconfigurations, token theft, and supply chain exposure.
decrypt

What Is Hermes? The Self-Improving AI Agent Coming for OpenClaw

Add Decrypt as your preferred source to see more of our stories on Google. Hermes Agent saves every workflow it learns as a reusable skill, compounding its capabilities over time—no other agent does ...

How I vibe-coded a web tool in three days with no programming experience

AI chatbots make it possible for people who can’t code to build apps, sites and tools. But it’s decidedly problematic.
Bleeping Computer

Claude Code leak used to push infostealer malware on GitHub

Threat actors are exploiting the recent Claude Code source code leak by using fake GitHub repositories to deliver Vidar information-stealing malware. Claude Code is a terminal-based AI agent from ...