From late April 2026 to mid-June 2026, Microsoft Defender Experts observed increased ACR Stealer activity across customer ...
According to Socket, malicious payment SDK packages on npm and PyPI are harvesting developer credentials and CI/CD ...
JadePuffer exploited a vulnerable Langflow server, harvested credentials, moved laterally, and encrypted more than 1,300 ...
SentinelOne says macOS.Gaslight uses prompt injection to mislead AI-based malware analysis, steal data, and use Telegram for C2.
An "agentic threat actor" successfully exploited a Langflow flaw to steal data from a production database server and encrypt ...
Discover how the Rogue Agent vulnerability in Google Dialogflow CX enabled persistent AI agent compromise, data exfiltration, ...
A vulnerability chain dubbed AutoJack in Microsoft’s AutoGen Studio interface for prototyping AI agents could let attackers manipulate an agent into executing arbitrary commands on its host system ...
Sophisticated LinkedIn phishing uses fake job ads to target executives Attacks employ DLL sideloading and Python tools to install remote access trojans ReliaQuest warns phishing extends beyond email, ...
A previously undocumented Rust-based macOS implant and information stealer has been found to embed a prompt injection payload designed to trick a malware analyst's artificial intelligence (AI) tools ...
Sysdig says JADEPUFFER may be the first agentic ransomware case, exposing how AI agents can turn old credential failures into database destruction. JADEPUFFER is a warning about exposed AI ...
Mozilla’s 0din security research team has shown how an AI coding agent can be used to run malware from a GitHub repository that appears harmless during a routine project setup. The demonstration ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results