The website for the popular JDownloader download manager was compromised earlier this week to distribute malicious Windows ...

The exploit code was almost too neat. When Google’s Threat Intelligence Group flagged a previously unknown software ...

Scammers built a convincing fake Windows update site that installs password-stealing malware. Learn how the multi-stage attack works and how to stay safe.

Google says attackers are using AI for zero-day research, malware development, reconnaissance, and access to premium AI tools ...

A malicious repository on Hugging Face impersonated OpenAI’s “Privacy Filter” project and briefly reached the platform’s top trending position before removal ...

Hugging Face hosts 352,000 unsafe model issues. ClawHub's registry contains 341 malicious AI agent skills. The AI supply chain is now the most attractive target in software security.

Hundreds of packages across npm and PyPI have been compromised in a new Shai-Hulud supply-chain campaign delivering ...

Google found the first known zero-day exploit it believes was built using AI. The exploit targets two-factor authentication (2FA) on an open-source admin tool. State sponsored hackers from China and ...

TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...

Google threat intelligence claims to have identified the first known case of cyber attackers using AI to help develop a zero-day exploit. Elsewhere, LLMs are being used to hide malware and create ...

Researchers have finally cracked Fast16, mysterious code capable of silently tampering with calculation and simulation software. It was created in 2005—and likely deployed by the US or an ally. Vitaly ...