Mastra AI’s 144 JavaScript packages was executed in just 88 minutes by North Korea’s Sapphire Sleet hacking group, which ...
The popular product lifecycle management platform is under active exploitation for an RCE vulnerability that could put ...
Researchers disclosed usbliter8, a SecureROM exploit affecting older Apple devices that can bypass boot protections with ...
Blockaid said an attacker tricked Jaredfromsubway.eth into approving fake trading routes, then used those approvals to drain ...
Microsoft Threat Intelligence identified an active multi-stage intrusion campaign targeting hospitality organizations in ...
Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.
Linux kernel privilege escalation exploit DirtyClone (CVE-2026-43503) is publicly documented: JFrog published a working attack walkthrough Thursday showing how any local user can gain root on ...
Decades-old Bash shell tricks can bypass safeguards in most open source AI coding agents, creating a new software supply ...
Joe is a freelance journalist. It all started with a long-running affection for building his own PCs, which he did for the first time as a teenager. It evolved into a lifelong enjoyment of putting ...
The zero-day "nightmare" apparently isn't over for Microsoft, as a disgruntled researcher who's been feuding with the company for the past three months has dropped yet another proof-of-concept (PoC) ...
Update: Added statement from Microsoft to the end of this article. A security researcher has released a new Microsoft Defender zero-day exploit named "RoguePlanet" just hours after Microsoft fixed two ...
Some AI cybersecurity threats are incredibly simple. They’re still dangerous. On June 5, 404 Media reported that attackers had been using Meta’s AI customer support agent to steal Instagram accounts.