Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.
CrowdStrike data and OpenAI's admission confirm prompt injection as a dominant enterprise AI attack vector. 65% of ...
The same day OpenAI announced the most significant expansion of its Daybreak cybersecurity initiative since the platform launched in May, intelligence agencies from all five nations of the Five Eyes ...
ReliaQuest observed attackers generating OAuth tokens and using Python scripts to query Salesforce's API for extended periods, as data was stolen. Huntress later disclosed that its own Salesforce ...
State-sponsored threat groups have increased their cyber operations targeting countries and government entities in Latin America and the Caribbean, as the US and China take a more active geopolitical ...
A threat actor is using an AI-built ransomware attack toolkit that automates Active Directory discovery and helps evade endpoint detection and response (EDR) solutions. Tool and payload development ...
Security professionals have spent two decades defending against human attackers who use automation as a force multiplier. That model is obsolete. The adversary now fielding against every ...
Credential theft fell to 13% of breach vectors in 2026. Attackers now bypass MFA via help desk resets and OAuth token theft. Five attack surfaces mapped.
A single developer. One poisoned extension. Five supply chain surfaces compromised in 48 hours. And a threat group claiming their tool was built by Claude. On May 20, 2026, GitHub confirmed Opens a ...
Google reported the first confirmed AI-assisted zero-day exploit, raising new concerns about logic flaws, supply chain risk, and containment. AI-assisted hacking has crossed from theory into a ...
Software systems control many key parts of society, including government agencies, medical services, utilities, and national defense infrastructure. Protecting these systems, however, is challenging ...