Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...
Microsoft

StealC and Amadey: Breaking down infostealers and the cybercrime services that deliver them

On June 24, 2026, Microsoft’s Digital Crimes Unit (DCU) facilitated the takedown, suspension, and blocking of domains that ...
Homeland Security Today

Plotting an Attack on Infrastructure Used to Require a Team. Now it Takes a Laptop

Not long ago, a would-be terrorist would have needed weeks of surveillance, technical expertise, expensive software, and help from trained specialists to understand a critical infrastructure target's ...

Anthropic’s Mythos model found vulnerabilities in classified US government systems, official says

A U.S. official says one of Anthropic’s artificial intelligence models identified vulnerabilities in highly sensitive and ...
SecurityWeek

No Exploits Required

RunZero’s Tod Beardsley explores why the architecture of modern networks creates security challenges that patches and CVEs ...
Dark Reading

Nightmare-Eclipse Drops Yet Another Microsoft Exploit, RoguePlanet

The zero-day "nightmare" apparently isn't over for Microsoft, as a disgruntled researcher who's been feuding with the company for the past three months has dropped yet another proof-of-concept (PoC) ...
SecurityWeek

New Windows Zero-Day Exploit ‘RoguePlanet’ Released

Exploiting a race condition in Microsoft Defender, the exploit leads to local privilege escalation to SYSTEM. A security researcher has released another zero-day exploit targeting Microsoft’s Windows ...
The Hacker News

Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows

The anonymous security researcher going by the name Chaotic Eclipse (aka Nightmare-Eclipse) has released a proof-of-concept (PoC) exploit for yet another Microsoft Defender zero-day named RoguePlanet.
Computer Weekly

Microsoft smashes record for biggest ever Patch Tuesday update

Microsoft has issued patches for around 200 flaws in its latest monthly Patch Tuesday drop, blasting past a previous record high of almost 170 common vulnerabilities and exposures (CVEs) set in ...
CoinTelegraph

Humanity says compromised laptop led to $36M bridge attack

Humanity Protocol's Terence Kwok said some multisig keys may have been accidentally backed up to a compromised device during setup. Humanity Protocol said an employee's laptop compromise allowed ...
Developer Tech

Anthropic says AI can turn software patches into exploits within hours

Anthropic has published research showing that its Claude Mythos Preview model can turn public software patches into working exploits within hours. The company said the process has often required ...
GitHub

motioneye_auth_rce_cve_2025_60787.rb

This module exploits a template injection vulnerability in the MotionEye Frontend. MotionEye Frontend versions 0.43.1b4 and prior are vulnerable to OS Command Injection in configuration parameters ...