-
A novel Magecart campaign that weaponizes legitimate cloud services to evade detection: attackers are storing a JavaScript skimmer inside Stripe customer metadata and delivering it to victim checkouts via Google Tag Manager. The combination makes Strip…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
An undeclared executable bundled with Hola Browser for Windows (version 1.251.91.0) that later proved to be a crypto‑miner. The binary, written to C:\Program Files\Hola\me.exe in affected installs, was not part of the certified footprint, lacked code s…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Trend Micro’s Deep Security Agent for Linux contains a design flaw in its behavior-monitoring stack that allows a local, unprivileged attacker to repeatedly force short “blind spots” in which endpoint protections are temporarily bypassed. The issue ste…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security flaw in Hugging Face Transformers, tracked as CVE-2026-4372, has exposed millions of machine learning workflows to silent remote code execution (RCE) through a malicious model configuration. Discovered by Pluto Security researcher Y…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new Gafgyt-family botnet, tracked as C0XMO, marks a notable technical shift in IoT malware design: the separation of scanning and propagation into distinct components and multi-architecture payloads that maximize reach across heterogeneous Linux devi…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Malicious browser add-ons are actively harvesting conversations and personal data from users of major AI platforms including ChatGPT, Claude, Copilot, Gemini, and DeepSeek. The threat leverages ostensibly helpful Chrome extensions VPNs, sidebars, and “…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Threat actors have resurfaced with an upgraded SHub stealer for macOS, now branded “Reaper,” and they’re using a stealthy distribution trick that should worry every Mac user. Attackers build fake download pages for popular apps (WeChat, Miro and others…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
AI-powered malware is moving from theory to reality, with new proof-of-concept worms showing how large language models (LLMs) can autonomously compromise mixed networks of Linux, Windows, and IoT devices while parasitically hijacking GPU compute for th…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Taxonomy of Failure Modes in Agentic AI Systems v2.0 published in April 2026, the field received more than a classification update: it got operational guidance grounded in a year of real-world red teaming that exposed how quickly agentic AI systems tra…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a fresh alert warning organizations about the active exploitation of a Linux kernel vulnerability tracked as CVE-2022-0492. The flaw, categorized as an improper authentication …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
