Indirect prompt injection attacks are now draining cryptocurrency from AI agents in production. Zscaler ThreatLabz documented ...
Microsoft Threat Intelligence identified a large-scale npm supply chain attack affecting 32 maliciously modified packages across more than 90 versions under the @redhat-cloud-services npm scope. The ...
A widely active phishing-as-a-service (PhaaS) operation known as FlowerStorm has begun using a browser-based virtual machine to conceal credential theft code, marking what researchers say is an ...
The OpenSourceMalware team has uncovered a massive threat campaign that is implanting malware in GitHub users and organizations repositories. The threat actor, PolinRider, has implanted a malicious ...
A new campaign has leveraged the ClickFix social engineering tactic as a way to distribute a previously undocumented malware loader referred to as DeepLoad. "It likely uses AI-assisted obfuscation and ...
Allen Institute for AI, a prominent Seattle-based nonprofit research organization working on advancing artificial intelligence models and systems, today launched a new open-source AI agent that can ...
ThreatDown’s EDR team discovered a sophisticated, multi-stage attack chain during an active investigation; the first documented case of attackers abusing the Deno runtime as a malware execution ...
The Hacker News is the top cybersecurity news platform, delivering real-time updates, threat intelligence, data breach reports, expert analysis, and actionable insights for infosec professionals and ...
A newly discovered third variant of the Shai Hulud malware is raising fresh concerns about the security of the open-source software supply chain, as researchers warn that the latest version shows more ...
What security teams need to know about the browser-based attack techniques that are the leading cause of breaches in 2025. “The browser is the new battleground.” “The browser is the new endpoint”.