The activity begins with the attackers distributing malicious VBS files via WhatsApp messages that, when executed, create ...

84% of attacks abuse legitimate tools across 700,000 incidents, expanding internal attack surfaces and evading detection ...

Google expands Android developer verification globally after September rollout, adding authentication and delays to ...

Google links Axios npm supply chain attack to UNC1069 after trojanized versions 1.14.1 and 0.30.4 spread WAVESHAPER.V2, ...

Claude Code 2.1.88 leak exposed 512,000 lines via npm error, fueling supply chain risks and typosquatting attacks.

Unit 42 found excessive P4SA permissions in Vertex AI, enabling credential theft and cloud data exposure, increasing breach ...

CVE-2026-3502 (CVSS 7.8) exploited in early 2026 via TrueConf updates, enabling Havoc malware deployment across government ...

AI weaponizes the kill chain across hours or days, forcing continuous exposure and agentic defense to reduce exploitation ...

AtlasCross RAT spreads via 11 fake domains registered October 27, 2025, enabling encrypted C2 control and persistence.

Axios 1.14.1 and 0.30.4 injected malicious plain-crypto-js@4.2.1 after npm compromise on March 31, 2026, deploying ...

ChatGPT and Codex flaws patched Feb 2026 exposed DNS exfiltration and GitHub tokens, raising enterprise AI security risks.

Three LangChain flaws enable data theft across LLM apps, affecting millions of deployments, exposing secrets and files.