Learn how malicious AI agent skills easily bypass static scanners. Discover how runtime checking secures tools like Claude ...
Opera GX patched a flaw that let malicious sites silently install GX Mods and leak a signed-in user’s Gmail address with CSS.
TrojPix uses imperceptible pixel modulation so copper video cables radiate data, hitting 8.1 Mbps in lab tests with a nearby ...
LevelBlue says QuimaRAT uses encrypted plugins, OS-specific persistence, and JNA libraries to control Windows, Linux, and macOS systems.
The campaign spans npm, Packagist, Go, and Chrome, using obfuscated JavaScript loaders and VS Code tasks to deliver malware.
Sysdig says JADEPUFFER used CVE-2025-3248 in Langflow to automate intrusion, credential theft, encryption, and data wipe.
The case study found no encryptor or locked machines, only stolen files used as leverage in a month-long negotiation ending ...
CISA added CVE-2026-45659 SharePoint Server RCE to KEV following confirmed exploitation, requiring U.S. agencies to patch by ...
ThreatsDay Bulletin covers this week’s cyber threats, from phishing and ransomware to exposed AI systems, sandbox flaws, and ...
Google links Turla to STOCKSTAY, a new .NET backdoor used in phishing attacks against Ukraine government and military targets ...
AIR says its fake AI skill passed scanner checks by using a mutable external link, exposing a blind spot in agent skill ...
Kaspersky reports ToddyCat’s Umbrij abuses headless Chromium and OAuth flows to extract Gmail authorization codes, enabling ...
Results that may be inaccessible to you are currently showing.
Hide inaccessible results