A financially motivated Russian threat actor tracked as UAT-11795 is using trojanized software to steal credentials and ...
SentinelOne says macOS.Gaslight uses prompt injection to mislead AI-based malware analysis, steal data, and use Telegram for C2.
A threat group researchers call "Armored Likho" has gained access to government agencies and electrical power entities in ...
One of the Russian government’s most elite hacking groups has adopted an attack, known as Clickfix, to compromise devices ...
According to Socket, malicious payment SDK packages on npm and PyPI are harvesting developer credentials and CI/CD ...
Vibe coding's dark side, "vibe hacking," is on the rise. Cybersecurity companies such as McAfee and Bitdefender have observed recent spikes in vibe-coded malware, also called "vibeware," with telltale ...
The original incomplete DeepSeek sample can be transformed into a fully functional attack with minimal effort,' Check Point researcher tells The Reg ...
ESET Research has released its H1 2026 Threat Report with statistics from December 2025 through May 2026.ClickFix – a social ...
IEEE Spectrum on MSNOpinion

How I turned AI to the dark side

It only took a little prompting to hijack the biggest AI models ...
An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious payload that remains invisible to security scanners, AI agents, and human ...
A new report reveals that AI agents can autonomously execute ransomware attacks, evidenced by the case of JADEPUFFER, which ...