From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet
A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
Microsoft’s AutoJack research shows how a malicious webpage rendered by an AI browsing agent can reach local MCP services and ...
Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...
Nothing ever leaves your browser. No token, secret, or key is sent to a server; the app makes no backend calls for any core feature. The one optional outbound request is the JWKS-URL fetch on the ...
Last Tuesday, Microsoft patched a vulnerability it rated as max critical in its M365 Copilot AI platform. On Monday, the ...
ThreatsDay Bulletin: Claude Chat Abuse, NastyC2 npm Packages, Device-Code Phishing + 25 More Stories
ThreatsDay Bulletin covers AI abuse, poisoned packages, phishing, macOS attacks, SD-WAN flaws, scams, and supply-chain ...
The Information Security researchers at University College London (UCL) analyzed an archive of 12.16 million GPS observations ...
IntroductionOn May 14, 2026, the Zscaler ThreatLabz team identified unusually high activity associated with the threat actor SmartApeSG to deploy malware. During our examination, we discovered ...
Researchers from Tokyo Metropolitan University have created a new paradigm for identifying online phishing campaigns. Their ...
Cybersecurity roundup: supply chain threats, AI agent risks, browser-cloning malware, mule networks, endpoint bypasses, and ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results