Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...
The Hacker News

Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT

JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.
Microsoft

Photo ZIP campaign targeting hospitality industry delivers Node.js implant for persistent access

Microsoft Threat Intelligence identified an active multi-stage intrusion campaign targeting hospitality organizations in ...
Tech Times

Cisco SD-WAN Zero-Day Exploit: Mandiant Reveals Malicious CSV Opened Root Shell

Cisco SD-WAN zero-day CVE-2026-20245 was exploited months before disclosure: Mandiant reveals how a malicious CSV file ...
Analytics Insight

How to Fix PC Problems Faster Using ChatGPT and Copilot

Overview: AI tools like ChatGPT and Copilot speed up PC diagnosis by interpreting error messages, logs, and symptoms into ...
The Hacker News

New Gaslight macOS Malware Uses Prompt Injection to Disrupt AI-Assisted Analysis

SentinelOne details Gaslight, a Rust-based macOS implant linked to North Korea-aligned actors that uses prompt injection to ...
Infosecurity Magazine

Lookalike npm Package Hides a Multi-Stage Windows RAT

A malicious npm package has been caught impersonating one of the JavaScript ecosystem's most widely used build tools. The ...
Dark Reading

Russian APT 'Gamaredon' Upgrades Its Arsenal, Requiring New Defenses

In a report this week, ESET tracks 35 separate Gamaredon spear-phishing campaigns against Ukraine carried out last year. In ...

Pakistani Websites Taken Over by New Cloudflare-Like Virus

Pakistani websites have been compromised by a new malware campaign that tricks visitors into infecting their own computers.
Microsoft

StealC and Amadey: Breaking down infostealers and the cybercrime services that deliver them

On June 24, 2026, Microsoft’s Digital Crimes Unit (DCU) facilitated the takedown, suspension, and blocking of domains that ...
Dark Reading

SocGholish Takedown Highlights Malicious TDS Threats

SocGholish uses traffic distribution systems (TDSs) to provide initial access into victims' networks for cybercrime groups ...
SecurityWeek

Cisco SD-WAN Zero-Day Exploited Months Before Patching

Mandiant details exploitation of CVE-2026-20245, a Cisco Catalyst SD-WAN vulnerability exploited as a zero-day months prior ...