Armored Likho BusySnake Stealer, a Python-based infostealer first disclosed by Kaspersky, is actively targeting government ...
An exposed attack server led Lexfo to three Microsoft 365 phishing operations using Evilginx and device code abuse to capture ...
According to Socket, malicious payment SDK packages on npm and PyPI are harvesting developer credentials and CI/CD ...
Sophos says Claude Code, Cursor, and Codex triggered Windows endpoint rules for credential access, LOLBin downloads, and ...
SentinelOne says macOS.Gaslight uses prompt injection to mislead AI-based malware analysis, steal data, and use Telegram for ...
A new report reveals that AI agents can execute ransomware attacks autonomously, as demonstrated by the case of JADEPUFFER, ...
An exposed WP-SHELLSTORM server revealed tools, logs, cloud credentials, and thousands of webshells used in a large website ...
Mozilla researchers revealed a new attack that tricks Claude Code into running hidden commands from seemingly harmless GitHub ...
Researchers at Sysdig say an AI agent called JADEPUFFER carried out a fully autonomous ransomware attack in just 31 seconds, exploiting a Langflow CVE-2025-3248 flaw, adapting to failed exploits in ...
An "agentic threat actor" successfully exploited a Langflow flaw to steal data from a production database server and encrypt ...
A new framework called SkillWeaver tackles AI agent tool routing by skipping full-library loading, cutting token use 99% on ...
Project Mirage has unveiled Dune, a three-button MacBook accessory that offers context-aware shortcuts, AI-powered automation ...