It uses some of the oldest tricks in the book.

All the nation-state hackers are vibe coding. Vibeware won't win any coding awards. It's not pretty. It doesn't target any ...

The idea was simple but transformative: prompt a Generative AI model—such as ChatGPT or Anthropic—to build a software program ...

Source Code Exfiltration in Google Antigravity‍TL;DR: We explored a known issue in Google Antigravity where attackers can ...

OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users ...

New malware spreads via fake GitHub downloads, stealing browser passwords, crypto wallets, Discord tokens, and credit card ...

Using Anthropic and OpenAI's AI systems — and a detailed playbook prompt — cyberattackers gained access to Mexico's agencies ...

North Korean-linked campaign publishes 26 malicious npm packages hiding C2 in Pastebin, deploying credential stealers & RAT ...

数字证书作为公钥基础设施（PKI）的核心组件，长期以来被视为建立网络信任、验证软件完整性及加密通信的基石。然而，近期网络安全态势显示，攻击者正通过窃取、伪造或滥用合法数字证书，将其植入恶意软件中，从而绕过操作系统的安全机制与终端防护软件。这种利用“被 ...

India-nexus cyber threat actors are growing more active and sophisticated, using custom tools coded in Rust and cloud-based ...

Tycoon2FA has become a leading phishing-as-a-service (PhaaS) platforms, enabling campaigns that reach over 500,000 ...

Malicious AI browser extensions posing as helpful assistants harvested ChatGPT and DeepSeek chat data from nearly 900,000 users, Microsoft says.