Fortinet says the May 2026 Ousaban campaign uses PDF lures, geofencing, and steganography to target Windows banking users.
Mozilla 0DIN’s Claude Code demo shows how clean GitHub repos can expose AI coding agents to prompt injection, reverse shells, and credential risk.
As enterprises rapidly embrace multimodal AI capable of understanding both text and images, security researchers are discovering that these powerful new capabilities introduce equally sophisticated ...
Spam accounts overwhelmed my database. Claude found the weaknesses, Codex wrote the fixes, and I deployed a new defense.
Installing a piece of code from NPM will no longer auto-run malware on the system, and won’t quietly pull malicious code from external repos unless the developer explicitly allows it. But this won’t ...
A new prompt injection attack dubbed "BioShocking" could trick AI-powered browsers into treating real-world risky actions as ...
Separate but similar campaigns described by Microsoft and Trend Micro use malicious zip files to spread malware via social ...
Makers of AI browsers make lofty promises. With a single prompt, users can ask one to find a restaurant in a particular part ...
Decades-old Bash shell tricks can bypass safeguards in most open source AI coding agents, creating a new software supply ...
The UK’s healthcare sector is being “stress-tested to breaking point," with a tenfold increase in attacks during January-May ...
Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.
The latest email threats: real Microsoft login phishing, device code scams with a kill switch, split-click attacks, and the ...