AI Flaws in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and RCE
Cybersecurity researchers have disclosed details of a new method for exfiltrating sensitive data from artificial intelligence (AI) code execution environments...
details
Storm-2561 Spreads Trojan VPN Clients via SEO Poisoning to Steal Credentials
Ravie LakshmananMar 13, 2026VPN Security / Malware Microsoft has disclosed details of a credential theft campaign that employs fake virtual...
Rust-Based VENON Malware Targets 33 Brazilian Banks with Credential-Stealing Overlays
Ravie LakshmananMar 12, 2026Malware / Cybercrime Cybersecurity researchers have disclosed details of a new banking malware targeting Brazilian users that's...
Hive0163 Uses AI-Assisted Slopoly Malware for Persistent Access in Ransomware Attacks
Ravie LakshmananMar 12, 2026Artificial Intelligence / Malware Cybersecurity researchers have disclosed details of a suspected artificial intelligence (AI)-generated malware codenamed...
Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials
Ravie LakshmananMar 11, 2026 Vulnerability / Application Security Cybersecurity researchers have disclosed details of two now-patched security flaws in the...
Multi-Stage VOID#GEIST Malware Delivering XWorm, AsyncRAT, and Xeno RAT
Cybersecurity researchers have disclosed details of a multi-stage malware campaign that uses batch scripts as a pathway to deliver various...
Microsoft Reveals ClickFix Campaign Using Windows Terminal to Deploy Lumma Stealer
Ravie LakshmananMar 06, 2026Endpoint Security / Browser Security Microsoft on Thursday disclosed details of a new widespread ClickFix social engineering...
APT28-Linked Campaign Deploys BadPaw Loader and MeowMeow Backdoor in Ukraine
Ravie LakshmananMar 05, 2026Cyber Espionage / Threat Intelligence Cybersecurity researchers have disclosed details of a new Russian cyber campaign that...
APT41-Linked Silver Dragon Targets Governments Using Cobalt Strike and Google Drive C2
Ravie LakshmananMar 04, 2026Malware / Windows Security Cybersecurity researchers have disclosed details of an advanced persistent threat (APT) group dubbed...
Starkiller Phishing Suite Uses AitM Reverse Proxy to Bypass Multi-Factor Authentication
Cybersecurity researchers have disclosed details of a new phishing suite called Starkiller that proxies legitimate login pages to bypass multi-factor...
New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel
Ravie LakshmananMar 02, 2026Vulnerability / Artificial Intelligence Cybersecurity researchers have disclosed details of a now-patched security flaw in Google Chrome...
Malicious Go Crypto Module Steals Passwords, Deploys Rekoobe Backdoor
Ravie LakshmananFeb 27, 2026Malware / Linux Security Cybersecurity researchers have disclosed details of a malicious Go module that's designed to...
Aeternum C2 Botnet Stores Encrypted Commands on Polygon Blockchain to Evade Takedown
Cybersecurity researchers have disclosed details of a new botnet loader called Aeternum C2 that uses a blockchain-based command-and-control (C2) infrastructure...
Malicious StripeApi NuGet Package Mimicked Official Library and Stole API Tokens
Ravie LakshmananFeb 26, 2026Malware / Software Security Cybersecurity researchers have disclosed details of a new malicious package discovered on the...
Wormable XMRig Campaign Uses BYOVD Exploit and Time-Based Logic Bomb
Cybersecurity researchers have disclosed details of a new cryptojacking campaign that uses pirated software bundles as lures to deploy a...
