An exposed attack server led Lexfo to three Microsoft 365 phishing operations using Evilginx and device code abuse to capture ...
AI Now’s Friendly Fire PoC shows Claude Code and Codex running README-planted payloads on hosts when autonomous command ...
Rogue Agent, a vulnerability in Google Cloud Dialogflow CX, allowed attackers to control agents and exfiltrate sensitive data.
JadePuffer, a ransomware operation, used an AI agent to carry out much of the intrusion chain from reconnaissance, key theft, ...
Varonis reported the flaw to Google in late 2025 and it has been addressed, but it reminds defenders to take a look at their ...
ActiveState explains how GitHub Actions attack chains can evade traditional CI security scanners, why passing a scan doesn't ...
A PNG hiding a prompt injection could steal your repo's secrets, researchers demonstrate. The technique, dubbed 'Ghostcommit, ...
One compromised agent could take over every other agent in that project ...
New Helix extortion group steals SharePoint data after compromising Microsoft 365 accounts through voice phishing and MFA abuse.
ESET Research has released its H1 2026 Threat Report with statistics from December 2025 through May 2026.ClickFix – a social engineering ...
Ethereum gossipsub vulnerability CVE-2026-34219 lets any unauthenticated peer crash a validator with a single crafted PRUNE ...
IBM and Red Hat have launched Lightwell to automate vulnerability remediation across enterprise open-source software ...