Tag: ai
-
ThreatsDay Bulletin: AI Agents Gone Wrong, Sketchy C2 Tools, ClickFix Tricks, JS Backdoors & 20+ New Stories
It got stupid again. The internet still feels held together with tape. Bad plugins, old bugs, fake tools, trusted apps doing shady things. Same mess, new wrapper. And now the weird stuff is normal. Forums go down and come back worse. Cheap hackers get better toys. AI starts breaking real systems. Great. Read the whole thing before…
-
Oasis Aims For Partner Push To Enable ‘Next Wave’ Of Identity Security: President Michael DeCesare
Oasis Security is focusing aggressively on partner-driven growth amid massive opportunities in non-human identity security, spurred by the rapid adoption of AI agents, according to President Michael DeCesare. First seen on crn.com Jump to article: www.crn.com/news/security/2026/oasis-aims-for-partner-push-to-enable-next-wave-of-identity-security-president-michael-decesare
-
Why Local AI Agents Are Creating a New Governance Blind Spot
Local AI agents are creating new visibility and governance challenges. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/why-local-ai-agents-are-creating-a-new-governance-blind-spot/
-
Infosecurity Europe: AI Adoption Creates New Opportunities for Attackers to Distribute Malware, Microsoft Warns
Microsoft Detection and Response Team (DART) details how it has uncovered malicious AI applications as cyber criminals manipulate organizations adopting AI tools. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/attackers-ai-adoption-malware/
-
CrowdStrike Is Positioned To Become ‘The World’s AI Security Layer’: CEO George Kurtz
CrowdStrike is in the “prime position” to continue leading the way on AI security amid the surging adoption of AI and agentic tools across customers and partners, CrowdStrike co-founder and CEO George Kurtz said Wednesday. First seen on crn.com Jump to article: www.crn.com/news/security/2026/crowdstrike-is-positioned-to-become-the-world-s-ai-security-layer-ceo-george-kurtz
-
Supply Chain Attack Hits Dozens of npm Packages via binding.gyp
A large-scale npm supply chain attack has compromised at least 57 packages across more than 286 malicious versions in a rapid, coordinated campaign that unfolded in under two hours on June 3, 2026. The attack began at approximately 23:30 UTC with the compromise of @vapi-ai/server-sdk, the official Vapi.ai voice AI SDK with over 408,000 monthly…
-
Infosecurity Europe: Mythos Outperforms GPT5.5 on Google Chrome Vulnerability Exploits, Says New Benchmark
A Bugcrowd researcher has unveiled ExploitBench, an independent benchmark of AI models for vulnerability exploitation. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/mythos-gpt-chrome-exploits/
-
Fake Claude Code Installer Spreads Fileless .NET Infostealer
Hackers are actively abusing interest in AI development tools by launching a sophisticated SEO poisoning campaign that impersonates Anthropic’s Claude Code installation flow to deliver a fully fileless .NET infostealer, according to researchers at Howler Cell. The campaign targets users searching for “Claude Code install,” placing a malicious lookalike page at the top of search…
-
Frontline Workers Twice as Likely to Use Unapproved AI
New research by Mitel has revealed a widening gap between AI adoption and enablement, with limited support and low confidence contributing to the rise of Shadow AI and unapproved AI usage. The State of Workforce Communication report found that while workplace communication is mission-critical, tools are misaligned with how teams execute, forcing employees to quietly…
-
Malicious ChatGPT Download Website Tricks Users via Sponsored Search Listings
Threat actors are abusing paid search ads to push a fake ChatGPT download site, underscoring how malvertising is increasingly used to target users who trust well-known AI platforms. The campaign relies on a lookalike site and sponsored listings to trick users into downloading malware under the guise of a legitimate ChatGPT installer. Malicious ChatGPT Download…
-
ClawHub, Cisco, and Vercel Skill Detection Tools Evaded by Malicious Uploads
Security researchers have shown that AI skill security scanners from ClawHub, Cisco, and Vercel’s skills.sh can be reliably bypassed using simple techniques, raising serious concerns about agentic AI supply chain defenses. In tests conducted by Trail of Bits, multiple malicious skills designed to exfiltrate data, hijack agents, or execute arbitrary code were successfully uploaded and…
-
Identity Security as Digital Hygiene: The Underestimated Cybersecurity Lever
What is missing is the fire safety officer. Only those who make this foundation visible can maintain it, expand it and secure it against new threats. In an era of ransomware, AI agents, cloud dependencies First seen on infopoint-security.de Jump to article: www.infopoint-security.de/identity-security-als-digitale-hygiene-der-unterschaetzte-cybersecurity-hebel/a45378/
-
Static Credentials Are No Longer Secure in the AI Era – AI Agents Need Secrets and Turn Them Into an Attack Surface
First seen on security-insider.de Jump to article: www.security-insider.de/ki-agenten-secrets-management-dynamisch-maschinenidentitaet-angriffsflaeche-a-b21bbea717435b1e06db8ad0bd14b96d/
-
Fake Claude Code Installer on Google Sites Steals Credentials
Fake installers for Anthropic’s Claude Code are being weaponized in a new ClickFix-style campaign that abuses trusted Google Sites hosting to deliver a fileless credential-stealing malware payload. The operation impersonates popular AI development tools such as Claude Code and Codex, guiding victims to run an MSHTA-based command that ultimately stages an in-memory stealer inside PowerShell.exe…
-
Microsoft Introduces Always-On AI Agent Scout for Teams, Outlook, and More
Microsoft has introduced an always-on AI agent named “Scout,” marking the debut of a new category of enterprise automation called “Autopilots.” Announced on June 2, Microsoft Scout is designed to operate continuously across Microsoft 365 services such as Teams, Outlook, OneDrive, and SharePoint, shifting AI from reactive assistants to proactive systems that execute tasks autonomously…
-
Microsoft Introduces Always-On AI Agent Scout for Teams, Outlook, and More
Microsoft has introduced an always-on AI agent named “Scout,” marking the debut of a new category of enterprise automation called “Autopilots.” Announced on June 2, Microsoft Scout is designed to operate continuously across Microsoft 365 services such as Teams, Outlook, OneDrive, and SharePoint, shifting AI from reactive assistants to proactive systems that execute tasks autonomously…
-
Microsoft Introduces Always-On AI Agent Scout for Teams, Outlook, and More
Microsoft has introduced an always-on AI agent named “Scout,” marking the debut of a new category of enterprise automation called “Autopilots.” Announced on June 2, Microsoft Scout is designed to operate continuously across Microsoft 365 services such as Teams, Outlook, OneDrive, and SharePoint, shifting AI from reactive assistants to proactive systems that execute tasks autonomously…
-
CrowdStrike Bets on AI Detection and Response Boom
CrowdStrike CEO George Kurtz Says Enterprises Are Seeking Controls for AI Agents. CrowdStrike says enterprise adoption of agentic AI is driving demand for AI Detection and Response, as organizations seek visibility, governance and protection against emerging AI-powered threats, non-human identities and expanding autonomous workloads. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/crowdstrike-bets-on-ai-detection-response-boom-a-31862
-
ETSI sets security requirements for AI data centers and cloud platforms
ETSI has published TS 104 033, a technical specification that defines security requirements for AI computing platforms. The specification establishes a security framework for … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/04/etsi-securing-ai-computing-platforms-standard/
-
CISA directive for AI executive order to be released this week, Andersen says
The binding operational directive will focus in part on “vulnerability alleviation and vulnerability management,” Andersen said in remarks delivered at the TechNet Cyber conference in Baltimore. First seen on therecord.media Jump to article: therecord.media/cisa-directive-for-ai-exec-order-release
-
How to Govern AI Agents Using Non-Human Identity Principles
First seen on scworld.com Jump to article: www.scworld.com/program-guide/how-to-govern-ai-agents-using-non-human-identity-principles
-
Trump executive order on AI calls for voluntary 30-day review period
First seen on scworld.com Jump to article: www.scworld.com/news/trump-executive-order-on-ai-calls-for-voluntary-30-day-review-period
-
Coralogix raises $200M as AI changes observability workflows
First seen on scworld.com Jump to article: www.scworld.com/brief/coralogix-raises-200m-as-ai-changes-observability-workflows
-
Cato claims 45-minute CVE protection with agentic AI
First seen on scworld.com Jump to article: www.scworld.com/news/cato-claims-45-minute-cve-protection-with-agentic-ai
-
MazeBolt launches AI module to simulate novel DDoS attack vectors
First seen on scworld.com Jump to article: www.scworld.com/brief/mazebolt-launches-ai-module-to-simulate-novel-ddos-attack-vectors
-
AI accelerates development of ransomware toolkit with EDR evasion capabilities
First seen on scworld.com Jump to article: www.scworld.com/brief/ai-accelerates-development-of-ransomware-toolkit-with-edr-evasion-capabilities
-
79% of companies say they’re ready to detect AI bots, 23% actually are
First seen on scworld.com Jump to article: www.scworld.com/perspective/79-of-companies-say-theyre-ready-to-detect-ai-bots-23-actually-are
-
MSSPs can now hunt shadow AI agents that APIs miss
First seen on scworld.com Jump to article: www.scworld.com/news/mssps-can-now-hunt-shadow-ai-agents-that-apis-miss
-
Smashing Security podcast #470: This AI security flaw might be impossible to fix
A website called “UK visa portal” has been quietly collecting passport scans, selfies, and personal data from thousands of travellers who thought they were applying through official channels. They weren’t. And when a journalist tried to warn the company, it was lawyers who responded. First seen on grahamcluley.com Jump to article: grahamcluley.com/smashing-security-podcast-470/

