Threat researchers at cloud security firm Sysdig have disclosed what they describe as the first documented ransomware operation carried out end-to-end by an autonomous AI agent, with no human typing ...
Armored Likho BusySnake Stealer, a Python-based infostealer first disclosed by Kaspersky, is actively targeting government ...
Multiple weaponized proof-of-concept (PoC) exploits on GitHub delivered a Python-based remote access trojan (RAT) called ChocoPoC that can execute commands and steal sensitive data. However, ChocoPoC ...
An open WP-SHELLSTORM server exposed tools, logs, and target lists naming 1.4 million sites, with researchers validating ...
ReliaQuest observed attackers generating OAuth tokens and using Python scripts to query Salesforce's API for extended periods, as data was stolen. Huntress later disclosed that its own Salesforce ...
Indirect prompt injection attacks are now draining cryptocurrency from AI agents in production. Zscaler ThreatLabz documented ...
Researchers from Zscaler found a new malware campaign dubbed Edgecution.
Attackers are actively exploiting path traversal and SQL injection in Langflow, LangGraph, and LangChain — below where your security tools look.
The malware program has been deployed across multiple sectors since April, helping to provide initial access sold to ransomware gangs. Researchers have identified a new backdoor program that has been ...
Even some of the most technically complex coding projects in the world are not averse to using AI for their development. Linus ...
Security firm Sysdig says it has found what it believes is the first ransomware attack run from start to finish by an AI agent. Its Threat Research Team calls the operator JADEPUFFER and says a large ...