Dark Reading

US Cracks Down on Anthropic AI Models Amid Abuse Concerns

Nation-state threat actors and cybercriminals are growing more sophisticated in how they use foundational AI models in their offensive campaigns, reportedly worrying the US government enough to ban ...

The attack dominating financial services doesn't steal passwords. It resets MFA and steals the token.

Credential theft fell to 13% of breach vectors in 2026. Attackers now bypass MFA via help desk resets and OAuth token theft.
International Business Times

500 Poisoned Packages, Hundreds of Companies: TeamPCP’s Worm Just Reached GitHub

A GitHub employee installed a routine VS Code extension update on the morning of May 18, 2026. That single action handed cybercrime group TeamPCP enough access to exfiltrate approximately 3,800 of ...
techtimes

AI vs AI Cybersecurity: Sysdig Documents First LLM-Agent Intrusion in the Wild

Security professionals have spent two decades defending against human attackers who use automation as a force multiplier. That model is obsolete. The adversary now fielding against every ...
Hosted on MSN

Malicious open-source packages have surged 73% in 2026 as attackers poison the software supply chain

In March 2026, someone hijacked a maintainer account for Axios, a JavaScript HTTP library downloaded more than 45 million times per week on npm, and pushed poisoned versions straight to the public ...

CISA Tells US Agencies to Fix Security Bugs in as Little as 3 Days Thanks to AI Threats

Defenders cannot afford to take weeks to patch,” one Cybersecurity and Infrastructure Security Agency official warned on ...
Federal News Network

CISA close to issuing new cyber AI directive

The Cybersecurity and Infrastructure Security Agency will develop a new platform to help agencies take advantage of defensive ...
The Hacker News

ThreatsDay Bulletin: Claude Chat Abuse, NastyC2 npm Packages, Device-Code Phishing + 25 More Stories

ThreatsDay Bulletin covers AI abuse, poisoned packages, phishing, macOS attacks, SD-WAN flaws, scams, and supply-chain ...

CISA Contractor Exposed Sensitive Credentials in Public GitHub Repository

CISA is investigating after a contractor’s public GitHub repository exposed AWS GovCloud credentials, internal files, and passwords.

Why automated open source scans don't guarantee license compliance

Hannah Dacayanan of UnitedLex discusses ways in which automated software composition analysis tools identify open source ...