Zscaler found attackers using SEO poisoning and hidden prompts in malicious websites to manipulate AI agents into making cryptocurrency payments.
Mozilla 0DIN’s Claude Code demo shows how clean GitHub repos can expose AI coding agents to prompt injection, reverse shells, ...
JadePuffer exploited a vulnerable Langflow server, harvested credentials, moved laterally, and encrypted more than 1,300 ...
The offices of Google are pictured in London on February 28, 2026. JUSTIN TALLIS/AFP via Getty Images Google released agents-cli on April 21, 2026, and it has shipped 13 updates in the 71 days since — ...
Multiple weaponized proof-of-concept (PoC) exploits on GitHub delivered a Python-based remote access trojan (RAT) called ChocoPoC that can execute commands and steal sensitive data. However, ChocoPoC ...
Attackers are hiding a data-stealing trojan inside fake exploit code aimed at the people who hunt bugs for a living. The malware, called ChocoPoC, travels in Python proof-of-concept (PoC) repositories ...