Communications of the ACM

Safe Coding

Safe coding is a collection of software design practices and patterns that allow for cost-effectively achieving a high degree ...
Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...
Circuit Digest

Raspberry Pi Pico Based Rain Detection System with WhatsApp Alert

Refer to the circuit diagram below for the complete wiring layout. The Raspberry Pi Pico WhatsApp messaging system reads the ...

Terra Security Finds Widespread Exploitable Flaws in AI-Driven Applications, Copilots, and AI-Generated Code

After months of real-world testing of AI copilots, chat interfaces, and AI-generated apps, Terra Security releases a new module for continuous AI Penetration Testing to match AI development velocity ...

Fake 'interview' repos lure Next.js devs into running secret-stealing malware

Come for the coding test, stay for the C2 traffic Next.js developers are once again in the crosshairs as hackers seed ...

Flaw in Grandstream VoIP phones allows stealthy eavesdropping

A critical vulnerability in Grandstream GXP1600 series VoIP phones allows a remote, unauthenticated attacker to gain root privileges and silently eavesdrop on communications.
Security Boulevard

Fake Huorong security site infects users with ValleyRAT

A convincing lookalike of the popular Huorong Security antivirus has been used to deliver ValleyRAT, a sophisticated Remote Access Trojan (RAT) built on the Winos4.0 framework, to users who believed ...
Security Boulevard

APT37 Adds New Capabilities for Air-Gapped Networks

IntroductionIn December 2025, Zscaler ThreatLabz discovered a campaign linked to APT37 (also known as ScarCruft, Ruby Sleet, and Velvet Chollima), which is a DPRK-backed threat group. In this campaign ...
diginomica

OpenAI's AI talent war with Anthropic - leaving aside the point scoring, here's how the personal agent meme might shape the enterprise

OpenAI has signed on Peter Steinberger, the pioneer of the viral OpenClaw open source personal agentic development tool.
The Hacker News

PromptSpy Android Malware Abuses Gemini AI to Automate Recent-Apps Persistence

PromptSpy Android malware abuses Google Gemini to analyze screens, automate persistence, block removal, and enable VNC-based ...

ESET Research discovers PromptSpy, the first Android threat to use generative AI

ESET researchers have discovered PromptSpy, the first known Android malware to abuse generative AI in its execution flow to achieve persistence. It is the first time generative AI has been deployed in ...