Lazarus Group has deployed RemotePE, a fully memory-resident trojan that is extremely hard for traditional antivirus and forensic tools to detect.

AI agent exploited Salesforce sites; 263 objects, 55 Apex methods exposed at one portal, leading to PII and file leaks.

Mastra npm packages added easy-day-js malware, exposing developer systems and CI runners to infostealer risks.

Meta’s AI support chatbot proved unusually helpful to hackers looking to steal and resell notable Instagram accounts—the hackers simply asking the bot to change the accounts’ associated email ...

GitHub, the popular developer platform owned by Microsoft, confirmed it was hacked and attackers had stolen data from around 3,800 internal code repositories. The code hosting and sharing giant said ...

Posts from this author will be added to your daily email digest and your homepage feed. is a London-based reporter at The Verge covering all things AI and a Senior Tarbell Fellow. Previously, he wrote ...

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...

The Instagram accounts for the Obama White House and the Chief Master Sergeant of the U.S. Space Force were briefly defaced with pro-Iranian images and messages over the weekend, after instructions ...

A Chinese cyber-espionage campaign has been targeting telecommunications providers with newly discovered Linux and Windows malware dubbed Showboat and JFMBackdoor, respectively. The operation has been ...

House Republican leaders are calling on FBI Director Kash Patel to act aggressively to stop cybercriminal groups targeting the healthcare industry. In a May 28 letter to Mr. Patel, the lawmakers ...

An ethical hacker who just won major prizes at a prestigious international competition says her days of competing could be numbered due to the rise of AI tools like Claude Mythos. Valentina Palmiotti ...