Dark Reading

Amazon Q VS Extension Flaw Leads to Cloud Credential Theft

Adversaries could plant a malicious repository that executes arbitrary code and steals cloud credentials, showcasing MCP risk ...
Microsoft

Chromium extension uses AI‑related branding to redirect browser search

A malicious Chromium-based extension that spoofs the AI-powered answer engine Perplexity AI redirects browser search traffic using MV3 APIs and intermediary infrastructure.

Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...
CSO Online

Hackers exploit critical PTC Windchill PLM software flaw

The popular product lifecycle management platform is under active exploitation for an RCE vulnerability that could put ...
Computer Weekly

Secure Code Warrior CEO on surviving the AI ‘vulnerability apocalypse’

As enterprises embrace agentic AI and vibe coding, Secure Code Warrior CEO and co-founder Pieter Danhieux warns that ...

CISA sets urgent deadline to fix Cisco flaw exploited in attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is giving federal agencies until Sunday to patch a ...
Microsoft

Photo ZIP campaign targeting hospitality industry delivers Node.js implant for persistent access

Microsoft Threat Intelligence identified an active multi-stage intrusion campaign targeting hospitality organizations in ...
SecurityWeek

Amazon Q Flaw Enabled Cloud Credential Theft via Malicious Repositories

Amazon Q vulnerability could allow attackers to steal developer cloud credentials by luring them into opening a booby-trapped ...
SecurityWeek

First-Ever Exploitation of PTC Windchill Vulnerability Discovered in the Wild

Hackers exploited a vulnerability in PTC Windchill in the wild, marking the first confirmed real-world abuse of the PLM ...