Cybersecurity, AI safety, threat detection, and privacy in the age of AI.
64 articles
Security researchers have found a vulnerability in GitHub’s AI coding agent that allows it to leak private repository contents through a polite issue request. The flaw, named GitLost, has no code fix and has not been documented by GitHub.
Hackers can exploit the limitations of popular AI tools like ChatGPT and Claude to generate false information that helps them build massive botnets. This 'HalluSquatting' technique leverages LLMs' tendency to fabricate plausible-sounding responses when uncertain.
A security firm has documented the first ransomware attack fully executed by an AI agent, highlighting the growing threat of autonomous cyberattacks.
North Korean-linked npm packages impersonate legitimate Rollup tools to steal developer credentials and enable remote access.
Security researchers have demonstrated how AI browsers can be tricked into leaking passwords through a technique called 'BioShocking,' raising concerns about AI agent security.
This article explains Advanced Persistent Threats (APTs) and how state-sponsored hackers target secure communication platforms like Signal and WhatsApp, highlighting the sophisticated techniques used in modern cyber warfare.
The FBI and CISA warn that Russian hackers are now targeting Signal users' backup recovery keys, allowing them to access messages even after a device change. The attack exploits vulnerabilities in account recovery processes.
Global law enforcement has disrupted two critical cybercrime tools in Operation Endgame, targeting a malware distribution platform and credential theft marketplace that enabled widespread digital attacks.
A security firm revealed how a fake AI agent skill bypassed all security scanners and reached nearly 26,000 agents, exposing vulnerabilities in AI marketplace security.
LastPass has notified customers after a supply chain breach at Klue exposed personal data and support case information. The breach did not compromise password vaults.
Nearly 7,000 fake Amazon domains have been registered in the run-up to Prime Day 2026, according to cybersecurity researchers. These domains are likely used for phishing campaigns targeting shoppers.
The Five Eyes intelligence alliance warns that frontier AI models capable of disrupting governments and businesses could be ready within months.