An "agentic threat actor" successfully exploited a Langflow flaw to steal data from a production database server and encrypt ...
JadePuffer exploited a vulnerable Langflow server, harvested credentials, moved laterally, and encrypted more than 1,300 ...
SentinelOne says macOS.Gaslight uses prompt injection to mislead AI-based malware analysis, steal data, and use Telegram for ...
Security tooling is not written in a single language. Python powers most automation. C sits at the exploit layer. PowerShell ...
Lazarus Group concealed a four-module remote access toolkit inside six fake npm Rollup polyfill packages that fired at import ...
Anthropic’s AI coding agent silently encoded proxy hostnames and Chinese timezone data into invisible Unicode characters ...
Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.
Check Point researchers have identified a new cyber adversary targeting Israeli government and IT businesses, tracked as ...
Researchers found attackers using fake CAPTCHA pages. Users should never run PowerShell or Windows commands requested by ...
A threat actor is targeting banks and other high-value organizations in a phishing campaign to deliver Phantom Stealer, a credential and session-stealing malware designed to evade conventional ...
JFrog says six malicious npm packages used hidden install-time execution, JSONKeeper fetches, and sandbox checks to enable remote access.
Mozilla’s 0din team showed how a Claude Code malware GitHub repo attack could use a clean-looking repository to open a ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results