SearchLeak and a three-CVE LiteLLM chain broke the same AI trust boundary in two weeks. A 5-check audit maps each gap to a ...
On June 24, 2026, Microsoft’s Digital Crimes Unit (DCU) facilitated the takedown, suspension, and blocking of domains that ...
Lazarus Group concealed a four-module remote access toolkit inside six fake npm Rollup polyfill packages that fired at import ...
PureLogs Stealer uses fake PDF JavaScript files and Google's Blogger pages in the VEIL#DROP campaign, enabling fileless ...
A five-character fix turned a failing Lighthouse Agentic Browsing audit into a clean pass. What that reveals about what the audit actually measures.
ESET researchers assisted in the global disruption of the Amadey botnet and Stealc infostealer, providing technical analysis, ...
A vulnerability chain dubbed AutoJack in Microsoft's AutoGen Studio interface for prototyping AI agents could let attackers ...
Separate but similar campaigns described by Microsoft and Trend Micro use malicious zip files to spread malware via social ...
The accessibility tree decides whether an AI agent can read and act on your page. The 2026 data says the web is getting ...
Although not the first of its kind, researchers’ POC attack against Microsoft’s M365 Copilot Enterprise underscores parameter-to-prompt (P2P) injections as a potentially broad threat. A recent ...
JFrog says six malicious npm packages used hidden install-time execution, JSONKeeper fetches, and sandbox checks to enable remote access.
Online video playback is no longer just about uploading a file and making it play. Today, viewers expect smooth streamin ...