Alarm bells are ringing in the open source community, but commercial licensing is also at risk Earlier this week, Dan Blanchard, maintainer of a Python character encoding detection library called ...

Malicious AI browser extensions posing as helpful assistants harvested ChatGPT and DeepSeek chat data from nearly 900,000 users, Microsoft says.

BlackBox AI, a popular VS Code coding assistant, has a critical indirect prompt injection vulnerability. Hackers can exploit this to gain remote root access to a user’s computer.

Agent skills shift AI agents toward procedural tasks with skill.md steps; progressive disclosure reduces context window bloat in real use.