Security vendors and their customers have spent considerable time debating where to draw the line between “legitimate” AI agents and “malicious” bots. A 31-day campaign against a major consumer ...

Microsoft’s AutoJack research shows how a malicious webpage rendered by an AI browsing agent can reach local MCP services and ...

Microsoft details AutoJack exploit chain targeting AutoGen Studio MCP WebSocket in pre-release builds, enabling ...

RSA today announced new RSA Help Desk Live Verify capabilities that stop social engineering attacks by extending coverage for users without a registered authenticator. Announced at Identiverse 2026, ...

FBI warns cyber criminals are using Traffic Distribution Systems to redirect users to phishing sites, malware downloads, ...

Mastra npm packages added easy-day-js malware, exposing developer systems and CI runners to infostealer risks.

A malware named IronWorm spread through 36 npm packages in the Arweave ecosystem, stealing developer credentials and self ...

Microsoft has attributed a recent Mastra AI supply chain attack that compromised more than 140 npm packages to the North Korean hacking group Sapphire Sleet, also known as BlueNoroff. This attribution ...

Fake Claude Code install sites are pushing malware that steals API keys, developer credentials, crypto wallets, and other sensitive data.

Rubrik FORWARD — Rubrik (NYSE: RBRK) today introduced two new Identity Resilience capabilities to expand its product suite. The first, Identity Continuity is powered by the acquisition of Strata.io, ...

Nineteen-year-old ethical hacker Nisarga Adhikary, who recently highlighted security vulnerabilities in CBSE's digital ...

Three popular plugins served malicious JavaScript through a compromised CDN.