-
MCP servers can silently turn AI assistants into powerful attack platforms, enabling arbitrary code execution, large‑scale data exfiltration, and stealthy user manipulation across both local machines and cloud environments. New research and recent real…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A security flaw in Microsoft 365 Copilot is currently causing the AI assistant to incorrectly summarize email messages protected by confidentiality sensitivity labels, essentially bypassing configured Data Loss Prevention (DLP) policies. This vulnerabi…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
OpenClaw, the open-source autonomous AI assistant that has gained widespread adoption in early 2026, released version v2026.2.17 on February 17, 2026, introducing support for Anthropic’s latest Claude Sonnet 4.6 model. The release comes amid grow…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A rising wave of cryptocurrency scams sweeping across Asia is blending two major fraud techniques malvertising and pig butchering to create a more deceptive and scalable attack model. The scams begin with malvertising, where attackers run ads impersona…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Two critical zero-day vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-1281 and CVE-2026-1340, are being actively exploited to compromise enterprise mobile fleets and corporate networks. Both are remote code execution (RCE)…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Fake CAPTCHA (ClickFix) pages are enabling threat actors to turn a single user click into an enterprise‑wide compromise, as seen in a recent incident affecting a major Polish organization. The campaign chained social engineering, DLL side‑loading, and …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A large-scale supply chain poisoning campaign dubbed ClawHavoc has hit OpenClaw’s official skill marketplace, ClawHub, with at least 1,184 malicious “Skills” historically published on the platform. The incident highlights how fast-growing AI agent ecos…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
ClickFix is being weaponized against macOS developers by turning a trusted Homebrew workflow into a stealthy delivery channel for a new infostealer dubbed Cuckoo Stealer. The campaign shows how attackers can skip exploit chains entirely and instead rel…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Palo Alto Networks announced on February 17, 2026, that it has entered a definitive agreement to acquire Koi Security, a pioneer in Agentic Endpoint Security. The acquisition aims to address a critical security gap created by AI agents and tools that o…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
An aggressive malware campaign targeting IT professionals in cryptocurrency, Web3, and AI to steal sensitive data and live crypto funds from victim wallets. The attackers pose as recruiters and use trojanized coding tasks to deliver two core malware fa…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
