Sysdig says JADEPUFFER used CVE-2025-3248 in Langflow to automate intrusion, credential theft, encryption, and data wipe.
They're not bad; they're just prompted that way. Sysdig threat hunters documented what they say is the first-ever documented ...
a laptop screen with a webpage of the IT Army of Ukraine group of volunteer hackers. The IT Army of Ukraine first set up in the wake of Russia's devastating attack, and has since hugely grown in ...
A malicious npm package has been caught impersonating one of the JavaScript ecosystem's most widely used build tools. The lookalike package hid a multi-stage Windows remote access trojan (RAT) in a ...
An IT specialist in cyber security looks at a morphological analysis of a software containing a malware at the Loria (Lorraine Laboratory for Research in Computer Science and Applications) ...
No matter how advanced, cyber attacks have always needed a human at the keyboard. Those days might be coming to an end.
Cybersecurity researchers have uncovered two hijacked npm packages and a cluster of Go packages that are designed to deploy a Python-based information stealer on compromised Windows, Linux, and macOS ...
Sysdig says JADEPUFFER may be the first agentic ransomware case, exposing how AI agents can turn old credential failures into database destruction. JADEPUFFER is a warning about exposed AI ...
A PNG hiding a prompt injection could steal your repo's secrets, researchers demonstrate. The technique, dubbed 'Ghostcommit, ...
Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.
Malicious packages on the Node Package Manager (npm) and the Python Package Index (PyPI) delivered stealer malware to ...