Tag: malicious
-
Silent Ransom Group (SRG): Switching To DNS Fast Flux Infrastructure
Tags: attack, cybersecurity, data-breach, dns, group, infrastructure, intelligence, law, malicious, network, ransomResearchers exposed the Silent Ransom Group ‘s Fast Flux infrastructure as the FBI warns of ongoing attacks targeting U.S. law firms and businesses. Resecurity uncovered the Silent Ransom Group (SRG)’s Fast Flux network infrastructure and shares available intelligence with the cybersecurity community to disrupt their malicious activities and enable ISP/DNS providers to counter this threat.…
-
Hugging Face Vulnerability Allows Remote Code Execution
Hugging Face flaw allows RCE from malicious AI models. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/hugging-face-vulnerability-allows-remote-code-execution/
-
What 2026 DBIR Confirms: Attacks Are Living in the Browser
Phishing, shadow AI, malicious extensions, and credential theft increasingly happen inside the browser. Keep Aware explains what the 2026 Verizon DBIR reveals about browser-layer security gaps and modern attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/what-2026-dbir-confirms-attacks-are-living-in-the-browser/
-
Hugging Face Transformers Security Flaw Allows Remote Code Execution
A critical security flaw in Hugging Face Transformers, tracked as CVE-2026-4372, has exposed millions of machine learning workflows to silent remote code execution (RCE) through a malicious model configuration. Discovered by Pluto Security researcher Yotam Perkal, the issue allows attackers to execute arbitrary code on a victim’s system simply by tricking them into loading a…
-
AI is helping low-skill hackers pull off advanced cyberattacks
Anthropic has published an analysis of cyber-related misuse of its AI systems, examining 832 accounts that were banned for malicious cyber activity between March 2025 and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/05/anthropic-ai-cyber-activity-analysis/
-
Malicious Browser Add-Ons Target Major AI Chatbot Users
Malicious browser add-ons are actively harvesting conversations and personal data from users of major AI platforms including ChatGPT, Claude, Copilot, Gemini, and DeepSeek. The threat leverages ostensibly helpful Chrome extensions VPNs, sidebars, and “AI assistants” to intercept agentic-AI interactions, exfiltrate chat histories, and aggregate sensitive information that users routinely share with generative models. Analysis of…
-
New SHub Stealer Variant Targets Major Browsers and Crypto Wallets
Threat actors have resurfaced with an upgraded SHub stealer for macOS, now branded “Reaper,” and they’re using a stealthy distribution trick that should worry every Mac user. Attackers build fake download pages for popular apps (WeChat, Miro and others) and employ an automated ClickFix technique that opens Apple’s Script Editor preloaded with malicious code. One…
-
Malicious Python Package Mimics Parsimonious Parser
A sophisticated typosquatting attack targeting Python developers through a malicious package named >>parsimonius<< on the Python Package Index (PyPI). The rogue package was engineered to impersonate the legitimate parsimonious parsing library, a well-known tool for building recursive descent parsers in Python, by altering just a single character in the package name. The attack exemplifies a…
-
Your AI agent could become your biggest insider threat
New research details how the increasing integration of AI agents into businesses is making it easier than ever for insiders – malicious or otherwise – to put sensitive data at risk. First seen on cyberscoop.com Jump to article: cyberscoop.com/ai-agent-insider-threat-cybersecurity-dtex/
-
Malicious WhatsApp, Slack Alerts Could Have Exposed Millions of Android Users
SafeBreach found a now-fixed Gemini Android flaw that let malicious WhatsApp and Slack alerts manipulate AI responses and tools. The post Malicious WhatsApp, Slack Alerts Could Have Exposed Millions of Android Users appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-whatsapp-slack-alerts-could-manipulate-gemini-android/
-
Claude Code GitHub Action Flaw Let One Malicious Issue Hijack Repositories
A security researcher found a flaw in Anthropic’s Claude Code GitHub Action that let an attacker take over vulnerable public repositories running it, with nothing more than a single opened GitHub issue. Because Anthropic’s own action repo used the same workflow, a working attack could have pushed malicious code into the action itself and onto…
-
Barracuda Finds Malicious Microsoft 365 Logins Are Blending In
Barracuda finds that trusted Microsoft 365 logins can hide attacks. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/barracuda-finds-malicious-microsoft-365-logins-are-blending-in/
-
Infosecurity Europe: AI Adoption Creates New Opportunities for Attackers to Distribute Malware, Microsoft Warns
Microsoft Detection and Response Team (DART) details how it has uncovered malicious AI applications as cyber criminals manipulate organizations adopting AI tools First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/attackers-ai-adoption-malware/
-
Supply Chain Attack Hits Dozens of npm Packages via binding.gyp
A large-scale npm supply chain attack has compromised at least 57 packages across more than 286 malicious versions in a rapid, coordinated campaign that unfolded in under two hours on June 3, 2026. The attack began at approximately 23:30 UTC with the compromise of @vapi-ai/server-sdk, the official Vapi.ai voice AI SDK with over 408,000 monthly…
-
Malicious Ads Target macOS Users with FlutterShell Backdoor
Hackers are leveraging large-scale malvertising campaigns to distribute a newly identified macOS backdoor dubbed FlutterShell, marking a significant evolution in financially motivated adware operations. Security researchers tracking the activity attribute it to a broader cluster known as CL-CRI-1089 and have named the ongoing campaign Operation FlutterBridge. The campaign builds on earlier activity linked to the…
-
Fake Claude Code Installer Spreads Fileless .NET Infostealer
Hackers are actively abusing interest in AI development tools by launching a sophisticated SEO poisoning campaign that impersonates Anthropic’s Claude Code installation flow to deliver a fully fileless .NET infostealer, according to researchers at Howler Cell. The campaign targets users searching for “Claude Code install,” placing a malicious lookalike page at the top of search…
-
FlutterShell Backdoor Spreads to macOS via Malicious Google and YouTube Ads
Tags: attack, backdoor, cybercrime, cybersecurity, google, group, macOS, malicious, malware, networkCybersecurity researchers have shed light on a macOS malvertising campaign codenamed Operation FlutterBridge that spreads a new backdoor called FlutterShell.According to Palo Alto Networks Unit 42, the campaign is said to be the next stage of a previously reported activity cluster dubbed JSCoreRunner (aka FileRipple) in late August 2025. The cybercrime group behind the two…
-
IronWorm npm Attack Steals Developer Secrets
Tags: attack, credentials, crypto, cyber, data-breach, finance, malicious, software, supply-chain, wormA newly uncovered supply chain attack dubbed “IronWorm” is leveraging malicious npm packages to compromise developer environments, steal sensitive credentials, and propagate itself across repositories in a worm-like fashion. The campaign, identified in the wild, targets software developers with a particular focus on crypto and Web3 ecosystems, where exposed secrets can yield immediate financial value.…
-
Malicious ChatGPT Download Website Tricks Users via Sponsored Search Listings
Threat actors are abusing paid search ads to push a fake ChatGPT download site, underscoring how malvertising is increasingly used to target users who trust well-known AI platforms. The campaign relies on a lookalike site and sponsored listings to trick users into downloading malware under the guise of a legitimate ChatGPT installer. Malicious ChatGPT Download…
-
ClawHub, Cisco, and Vercel Skill Detection Tools Evaded by Malicious Uploads
Security researchers have shown that AI skill security scanners from ClawHub, Cisco, and Vercel’s skills.sh can be reliably bypassed using simple techniques, raising serious concerns about agentic AI supply chain defenses. In tests conducted by Trail of Bits, multiple malicious skills designed to exfiltrate data, hijack agents, or execute arbitrary code were successfully uploaded and…
-
Hackers Exploit Google Gemini Flaw Using Malicious Messages from WhatsApp, Slack, and SMS
Hackers are exploiting a newly discovered flaw in Google’s Gemini voice assistant by sending malicious messages via popular platforms such as WhatsApp, Slack, Signal, Instagram, Messenger, and SMS. The vulnerability, uncovered by SafeBreach Labs, shows how attackers can secretly inject instructions into Gemini’s conversation context via instant message notifications. This lets them manipulate the assistant…
-
WhatsApp, Slack Notifications Could Hijack Google Gemini on Android
A single poisoned notification from WhatsApp, Slack, SMS, Signal, Instagram, or Messenger could have hijacked Google Gemini’s voice assistant on Android and made it open a victim’s connected windows, fake a message from their boss, push the phone into a Zoom call, or quietly poison its long-term memory.No malicious app on the phone is required.…
-
Hackers Leverage AI-Powered Tools to Streamline Active Directory Compromise
A threat campaign in which attackers leveraged AI-powered tools to streamline Active Directory (AD) compromise and accelerate endpoint detection and response (EDR) evasion testing. The activity, observed on June 2, 2026, was triggered by suspicious files originating from the path C:\Users\User\Documents\test. Sophos investigation revealed a collection of malicious components forming a structured post-exploitation framework designed to…
-
1-Click GitHub Vulnerability Enables OAuth Token Theft
A newly disclosed vulnerability in GitHub’s browser-based editor, GitHub.dev, allows attackers to steal powerful OAuth tokens with just a single click, giving them read and write access to private repositories. The flaw exploits how Visual Studio Code (VSCode) webviews handle keyboard events and message passing, enabling a malicious repository to execute attacker-controlled actions inside the…
-
50+ Malicious Chrome Extensions Hit 30K Users
50+ malicious Chrome extensions posing as “live wallpaper” utilities have been caught running an adware operation that hijacks browser behavior and quietly pushes remote HTML content to around 30,000 users. These extensions were distributed through at least three publisher accounts and made available via the Chrome Web Store and third”‘party download portals that advertised animated…
-
Red Hat Confirms Supply Chain Breach Impacting @redhatservices npm Packages
Red Hat has confirmed a supply chain security breach impacting multiple npm packages under the @redhat-cloud-services namespace, as detailed in security bulletin RHSB-2026-006 released on June 2, 2026. The incident was publicly disclosed a day earlier and stems from a compromised GitHub account that introduced malicious code into trusted repositories maintained within Red Hat’s infrastructure.…
-
DriveSurge Hijacks Thousands of Sites for ClickFix, FakeUpdate Attacks
A sneaky, wide-scale IAB operation uses a malicious traffic distribution system (TDS) to redirect visitors of trusted websites to ones that deliver malware. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/drivesurge-hijacks-thousands-sites-clickfix-fakeupdate-attacks
-
Russia claims foreign spy agencies hacked officials’ phones
In a statement, Russia’s Federal Security Service (FSB) said it had uncovered what it described as a “large-scale operation” involving malicious software installed on the mobile devices of senior Russian officials. First seen on therecord.media Jump to article: therecord.media/russia-claims-foreign-spy-agencies-hacked-gov-officials
-
OT attacks shift from recon to physical control, raising stakes
Malicious hackers are no longer just snooping around OT systems, researchers warn. They’re preparing to cause real-world damage. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366643451/OT-attacks-shift-from-recon-to-physical-control-raising-stakes

