Cybersecurity researchers have uncovered two hijacked npm packages and a cluster of Go packages that are designed to deploy a Python-based information stealer on compromised Windows, Linux, and macOS ...
Sophia Oguri is on the front lines of AI transformation, updating workflows for the biggest investors in AI infrastructure.
Sysdig threat hunters documented what they say is the first-ever documented agentic ransomware infection with an LLM - not a ...
Attackers exploited Langflow vulnerability CVE-2025-3248 to conduct an agentic AI-powered ransomware attack involving reconnaissance, credential theft, and lateral movement.
JFrog says six malicious npm packages used hidden install-time execution, JSONKeeper fetches, and sandbox checks to enable remote access.
Citrix NetScaler received patches for another memory leak vulnerability similar to CitrixBleed, as well as memory overflow, file read and denial-of-service issues ...
安全研究机构 Sysdig 发布报告称,其威胁研究团队发现全球首例完全由 AI 智能体自主执行的勒索软件攻击事件。该攻击被命名为 JADEPUFFER,其显著特征在于全程无需人类干预,即可完成从系统入侵到数据摧毁的完整攻击链路。 攻击溯源显示,初始突破口为一台暴露在公网的 Langflow 服务。攻击者利用 CVE-2025-3248 漏洞,在无需身份验证的情况下远程执行 Python 代码获取主 ...
Microsoft is accelerating its quantum-safe security plans as it prepares critical products and services for PQC by 2029.
IT之家7 月 3 日消息,安全厂商 Sysdig 昨日宣布,其威胁研究团队首次记录到一例由 AI Agent(智能体)自主完成整个攻击流程的勒索软件攻击,并将该攻击者命名为 JADEPUFFER。 研究人员指出,这是目前公开披露的全球首个有完整记录、完全由 AI Agent 自动执行的勒索软件攻击案例,它利用公开漏洞入侵系统后,自主完成了从侦察、窃取凭证、横向移动到最终加密和摧毁数据库的完整攻击 ...
Flipper Device's new Busy Bar will retail for $249.
This study from Suganthan reveals hidden fields in ChatGPT's network traffic that decide which sources get fetched, cited, or ...
ConsentFix and ClickFix attacks steal Microsoft 365 tokens in seconds using fake prompts and OAuth flows. Learn how these MFA bypass tactics work and how to defend against them. 18 kits, a 37x spike ...