Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with running a seemingly benign GitHub repository could execute a malicious payload that is ...

FBI: Russian hackers now target Signal backup recovery keys

The FBI and CISA are warning that a phishing campaign targeting Signal users tied to Russian intelligence services has ...

CISA sets urgent deadline to fix Cisco flaw exploited in attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is giving federal agencies until Sunday to patch a ...

Cybersecurity firms targeted by fraudulent OpenAI organization invites

Threat actors are creating OpenAI tenants that impersonate legitimate companies and inviting employees to join them, in what ...

PirloTV sports piracy network disrupted as 44 domains seized

A major sports piracy ring linked to the illegal PirloTV streaming platform has been disrupted in an action that targeted 44 ...

Your First GRC Agent: A Red Teamer's Walkthrough

AI won't replace GRC analysts, but it can eliminate much of the repetitive work they do. Anecdotes walks through building an ...

Poland busts SIM-swapping gang tied to millions in crypto theft

Authorities in Poland have arrested four members of an organized cybercrime group accused of breaching telecommunications ...

Order-tracking app Shop abused to push callback phishing attacks

Threat actors are increasingly abusing Shop, the order-tracking app from Shopify, by adding fake purchase receipts in users' ...

CISA warns of max severity Ubiquiti flaws exploited in attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of hackers actively exploiting flaws in Ubiquity ...

Webinar: Why account takeovers remain one of the hardest threats to stop

Account takeover attacks continue to challenge security teams because attackers often operate through legitimate accounts and ...
Bleeping Computer

Polymarket customers lose $3 million in supply-chain attack

Polymarket says it will fully reimburse customers who lost an estimated $3 million after hackers injected a malicious script into the platform's frontend following a breach at a third-party vendor.

Bluekit phishing kit adopts browser-in-the-middle for login theft

The Bluekit phishing-as-a-service platform continues to evolve with nearly 70 new hostnames identified over the past week and ...