Security Boulevard

How we made Trail of Bits AI-native (so far)

This post is adapted from a talk I gave at prompted, the AI security practitioner conference. Thanks to Gadi Evron for ...

Security experts discover critical flaw in OpenAI's Codex able to compromise entire organizations

Researchers managed to steal GitHub OAuth tokens by abusing a command injection vulnerability.

Fake VS Code alerts on GitHub spread malware to developers

A large-scale campaign is targeting developers on GitHub with fake Visual Studio Code (VS Code) security alerts posted in the ...
The Hacker News

Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website

Claude extension flaw enabled silent prompt injection via XSS and weak allowlist, risking data theft and impersonation until ...

macOS 26.4 has new Terminal popup warning when pasting commands

OS Tahoe 26.4 users have discovered that the update adds a new Terminal security popup when you first try to paste in commands.

New Windows 11 Canary builds bring plenty of Command Line improvements

A pair of new Windows 11 Canary builds is now available for testing, and one of them brings tons of Command Line improvements ...
NPR

Code Switch

What's CODE SWITCH? It's the fearless conversations about race that you've been waiting for. Hosted by journalists of color, our podcast tackles the subject of race with empathy and humor. We explore ...

Okta’s CEO is betting big on AI agent identity

Why Todd McKinnon thinks it’s ‘naive’ not to prepare for the SaaSpocalypse ...