Agentic coding tools vulnerable to command execution via DNS records ...
What actually changed wasn't automation.
Kaspersky says the attacks use phishing, GitHub-hosted payloads, CVE-2025-9491 LNK abuse, and Go2Tunnel-based tunneling.
Armored Likho, a new APT group using AI-generated malware and the BusySnake Stealer to target government agencies and power ...
Armored Likho BusySnake Stealer, a Python-based infostealer first disclosed by Kaspersky, is actively targeting government ...
A flaw in Hugging Face Transformers could allow malicious AI models to execute code, exposing credentials and highlighting AI supply chain risks.
Lazarus Group concealed a four-module remote access toolkit inside six fake npm Rollup polyfill packages that fired at import ...
JFrog says six malicious npm packages used hidden install-time execution, JSONKeeper fetches, and sandbox checks to enable remote access.
An anonymous researcher has dumped what they say is working exploit code for zero-day vulnerabilities across 15 software ...
Lapse… so does this $25 Raspberry Pi Zero! Tiny, lightweight, and incredibly versatile. Mount it anywhere—from rooftops to ...
Malicious npm packages mimicking Rollup polyfill tooling steal browser data, crypto wallets, and AI tool credentials in a Lazarus-linked campaign.
Switchzilla amid reports of new serious vulnerabilities under attack. First up is a server-side request forgery bug in its Unified Communications Manager tracked as CVE-2026-20230. Cisco disclosed and ...