macOS ClickFix attacks deliver AppleScript stealers to snarf credentials, wallets

A ClickFix campaign targeting macOS users delivers an AppleScript-based infostealer that collects credentials and live ...
ITWeb

ANALYSIS: Big Tech sets AI to catch AI

AI companies are holding back models that could be used in cyber attacks, instead deploying them to build defence systems.
Security Boulevard

Vercel Breach: How a Roblox Cheat Download Led to a $2M Data Heist Through AI Tool OAuth Abuse

Vercel breached after attacker compromised Context.ai, hijacked an employee's Google Workspace via OAuth, and accessed ...
SecurityWeek

Organizations Warned of Exploited Cisco, Kentico, Zimbra Vulnerabilities

CISA has added eight more vulnerabilities to the KEV catalog, including Cisco, Kentico, and Zimbra flaws not previously ...
Le Lézard

Chainguard and Cursor Partner to Secure Agentic Coding with Trusted Open Source

Chainguard, the trusted source for open source, today announced a partnership with Cursor, the leading multi-model AI coding platform, to secure the next generation of agentic software development.
The Caledonian-Record

ESET Research: New NGate hides in NFC payment app, possibly built with AI

ESET researchers discovered a new NGate malware variant abusing the legitimate Android HandyPay application.To trojanize HandyPay, threat actors most likely used GenAI.The campaign has been ongoing si ...
Arabian Post

Formbook phishing turns stealth into scale

Two separate phishing campaigns are hitting organisations with Formbook, a long-running information stealer that continues to adapt its delivery methods to slip past traditional Windows defences. The ...
Cyber Daily

Cutting eedge: Anthropic’s Claude Mythos preview is a “double-edged sword,” expert says

Frontier models with a focus on cyber security and vulnerability hunting are a boon to network defenders – but the race ...
The Hacker News

Google Patches Antigravity IDE Flaw Enabling Prompt Injection Code Execution

Antigravity Strict Mode bypass disclosed Jan 7, 2026, patched Feb 28, enables arbitrary code execution via fd -X flag.

Attack at Mexican pyramids that killed Canadian was planned, officials say

The assailant may have timed attack to coincide with the Columbine shooting anniversary, according to authorities ...
VentureBeat

Three AI coding agents leaked secrets through a single prompt injection. One vendor's system card predicted it

A security researcher, working with colleagues at Johns Hopkins University, opened a GitHub pull request, typed a malicious ...