Tag: malicious
-
Backdoored WordPress Plugin Abuses Remote Update Checker for Silent Code Delivery
A long-dormant backdoor has been uncovered in the “Quick Page/Post Redirect Plugin,” a popular WordPress add-on with over 70,000 active installations. The tampered plugin, specifically version 5.2.3, contained two distinct malicious features. First, it featured a passive content injection mechanism. On every page viewed by a logged-out user, the plugin connected to a third-party server…
-
Bad Bots in the Agentic Age: What the 2026 Thales Bad Bot Report Reveals
Tags: ai, api, application-security, attack, automation, banking, business, container, control, crime, cyber, cybercrime, data, defense, detection, exploit, finance, fraud, identity, infrastructure, intelligence, Internet, LLM, malicious, monitoring, resilience, risk, service, threat, tool, vulnerability
josh.pearson@t… Thu, 04/30/2026 – 07:31
The modern internet is becoming less human by the day. Bot traffic is increasing, and human traffic is shrinking. Malicious automated traffic is getting harder to spot. The Thales 2026 Bad Bot Report, now in its…
-
Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution
Google has addressed a maximum severity security flaw in Gemini CLI — the “@google/gemini-cli” npm package and the “google-github-actions/run-gemini-cli” GitHub Actions workflow — that could have allowed attackers to execute arbitrary commands on host systems. “The vulnerability allowed an unprivileged external attacker to force their own malicious content to load as Gemini configuration,” First seen on…
-
Compromised SAP npm Packages Found Harvesting Developer and CI/CD Secrets
Security researchers have identified a severe supply chain attack targeting the SAP developer ecosystem. A threat group identified as TeamPCP has compromised multiple legitimate SAP npm packages in a new campaign named Mini Shai Hulud. The operation relies on injecting malicious pre-install scripts that execute silently during dependency installation. By leveraging a multi-stage payload, the…
-
Coming Soon: AI-Scan OpenClaw Ecosystem Security Scanning Capabilities
As the OpenClaw ecosystem continues to surge in popularity, more customers are deploying and utilizing these AI agents on a large scale. However, this growth has brought significant security challenges to the forefront, including over 33 documented CVE vulnerabilities, 288+ GHSA security advisories, the rise in malicious Skills, and frequent memory poisoning attacks. The NSFOCUSLLM…
-
Researchers unearth industrial sabotage malware that predated Stuxnet by 5 years
fast16.sys, is briefly mentioned in the 2017 Shadow Brokers leak of documents covering exploits and tools used by US National Security Agency cyber teams. “This 2005 attack is a harbinger for sabotage operations targeting ultra expensive high-precision computing workloads of national importance like advanced physics, cryptographic, and nuclear research workloads,” the SentinelOne researchers said in their…
-
New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs
Cybersecurity researchers have discovered malicious code in an npm package after a malicious package as a dependency to the project by Anthropic’s Claude Opus large language model (LLM). The package in question is “@validate-sdk/v2,” which is listed on npm as a utility software development kit (SDK) for hashing, validation, encoding/decoding, and secure random generation. However, its…
-
Mastering agentic AI security through exposure management
As AI tools evolve from siloed chatbots to autonomous, hyperconnected systems, they create a vast new attack surface. Discover how to manage this risk by focusing on visibility, agency, and semantic security to protect your organization’s increasingly complex landscape of agentic AI systems. Key takeaways Organizations have moved from siloed AI chatbots to autonomous, hyperconnected…
-
Malicious npm Dependency Linked to AI Assisted Commit Targets Crypto Wallets
Researchers uncover a malicious npm dependency linked to an AI-assisted code commit that steals sensitive data and exposes crypto wallets. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ai-npm-dependency-targets-crypto/
-
AI-powered honeypots: Turning the tables on malicious AI agents
Just as AI brings time-saving advantages to our lives, it brings similar advantages to threat actors. We can take the advantage back. This blog shows how generative AI can be used to rapidly deploy adaptive honeypot systems. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/ai-powered-honeypots-turning-the-tables-on-malicious-ai-agents/
-
AWS leans on prior ingenuity to face future AI and quantum threats
Tags: access, ai, attack, authentication, breach, cloud, communications, computer, computing, control, credentials, crypto, cryptography, cybersecurity, data, defense, encryption, exploit, google, Hardware, identity, infrastructure, Internet, lessons-learned, malicious, penetration-testing, phishing, risk, service, technology, threat, tool, update
Symmetric cryptography and the quantum threat: Back in the early 2010s, most hardware security modules used asymmetric cryptography to protect security keys. Asymmetric cryptography, the kind used to secure online communications, involves pairs of keys, one to lock, another to unlock. It’s a very useful and convenient approach when dealing with multiple parties. Amazon chose to…
-
Cursor AI IDE vulnerability allows code execution via hidden Git hooks
Novee researchers find high-severity CVE-2026-26268 flaw in Cursor AI, allowing hackers to run malicious code when developers clone repositories. First seen on hackread.com Jump to article: hackread.com/cursor-ai-ide-vulnerability-code-execution-git-hooks/
-
SLOTAGENT Malware Hides API Calls and Strings to Thwart Analysis
A previously unknown remote access trojan (RAT), dubbed SLOTAGENT, after analyzing a suspicious ZIP archive uploaded from Japan to a public malware repository in early 2026. The malware demonstrates advanced evasion techniques and flexible post-exploitation capabilities, making it a notable addition to the evolving threat landscape. The ZIP file contains a malicious executable, WindowsOobeAppHost.AOT.exe, which triggers the…
-
Vidar Malware Hides Payloads in JPEG and TXT Files
Malware authors are increasingly using multi-stage delivery techniques to evade detection, blending malicious payloads into seemingly harmless file formats. New reporting from Cybersecurity News reveals that Vidar is delivering its payload through JPEG and TXT files while leveraging scripting, obfuscation, and in-memory execution to remain undetected. The campaign combines multiple evasion layers, making it difficult…
-
Critical Cursor bug could turn routine Git into RCE
Tags: ai, attack, cvss, flaw, malicious, nvd, penetration-testing, phishing, rce, remote-code-execution
Expanded attack surface with agentic IDEs: Novee warned that while traditional IDEs are passive, doing what developers explicitly tell them to do, Cursor’s AI agent interprets intent and autonomously decides which commands to run, which includes Git operations. And that’s where the problem lies. “In traditional pentesting, ‘client-side’ attacks targeting developer machines have always been a…
-
What CISOs need to get right as identity enters the agentic era
Tags: access, ai, ciso, conference, control, credentials, cybersecurity, defense, governance, identity, jobs, least-privilege, malicious, mfa, monitoring, phishing, risk, technology, tool
Wilcox and Adams are speaking at the CSO Cybersecurity Awards & Conference, May 11–13. Reserve your place. As a result, Adams says CISOs will increasingly need to adopt an identity-centric security architecture and there are several key tenets to consider. Build a strong foundation before layering on complexity. The instinct when modernizing an identity program, says Adams, is…
-
DORA and the Practical Test of Operational Resilience
By Alan Stewart-Brown, VP EMEA, Opengear Disruption in financial services rarely follows a clean script. A misconfiguration, a spike in malicious traffic, or a poorly timed change can cascade across platforms and teams, particularly where systems and suppliers are tightly coupled. When that chain reaction starts, the challenge is rarely identifying the fault. It The…
-
NCSC launches SilentGlass, a plug-in device to secure HDMI and DisplayPort links
NCSC’s SilentGlass blocks malicious HDMI/DisplayPort links, protecting monitors from hardware attacks. Now commercialized for global use. The UK’s National Cyber Security Centre (NCSC) has launched SilentGlass, a new device to protect one of the most overlooked parts of modern IT systems: the physical links between screens and computers. It is a small plug-in security device…
-
Fake Document Reader App Hits 10K Downloads, Spreads Anatsa Malware
A newly discovered malicious Android application masquerading as a document reader was found on the Google Play Store, infecting users with the notorious Anatsa banking trojan. The app, which had already surpassed 10,000 downloads before its removal, highlights the ongoing threat of malware slipping through official app marketplaces. The malicious app was hosted on the…
-
GlassWorm malware attacks return via 73 OpenVSX “sleeper” extensions
A new wave of the Glassworm campaign is targeting the OpenVSX ecosystem with 73 “sleeper” extensions that turn malicious after an update. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/glassworm-malware-attacks-return-via-73-openvsx-sleeper-extensions/
-
PyPI package with 1.1M monthly downloads hacked to push infostealer
An attacker pushed a malicious version of the popular elementary-data package on the Python Package Index (PyPI) to steal sensitive developer data and cryptocurrency wallets. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/pypi-package-with-11m-monthly-downloads-hacked-to-push-infostealer/

