![[un]prompted 2026 – Kinetic Risk: Securing And Governing Physical Al In The Wild](https://securityboulevard.com/wp-content/uploads/2018/01/TwitterLogo-002.jpg)
We Need a Shared Responsibility Model for AI
Over the past 6-8 months, researchers at my company discovered vulnerabilities across multiple AI tools that allowed external bad actors...
discovered
Malicious WordPress Plugins with Backdoors Compromise Thousands of Websites
Image: Justin Morgan/Unsplash A web developer discovered dozens of malicious WordPress plugins with buried backdoors that had compromised thousands of...
108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users
Ravie LakshmananApr 14, 2026Data Theft / Browser Security Cybersecurity researchers have discovered a new campaign in which a cluster of...
36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants
Ravie LakshmananApr 05, 2026Malware / DevSecOps Cybersecurity researchers have discovered 36 malicious packages in the npm registry that are disguised...
New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images
Ravie LakshmananApr 03, 2026Mobile Security / Threat Intelligence Cybersecurity researchers have discovered a new version of the SparkCat malware on the Apple...
The Arms Race is Already Over. You Just Don’t Know Which Side Won.
Anthropic recently announced that Claude Opus 4.6 autonomously discovered more than 500 zero-day vulnerabilities in open-source software, including libraries...
Axios Compromise on npm Introduces Hidden Malicious Package
A newly discovered software supply chain attack targeting the npm ecosystem briefly compromised one of the most widely used...
Russian CTRL Toolkit Delivered via Malicious LNK Files Hijacks RDP via FRP Tunnels
Ravie LakshmananMar 30, 2026Malware / Network Security Cybersecurity researchers have discovered a remote access toolkit of Russian-origin that's distributed via...
WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites
Ravie LakshmananMar 26, 2026Malware / Web Security Cybersecurity researchers have discovered a new payment skimmer that uses WebRTC data channels...
Microsoft Authenticator Flaw on Android, iOS Could Leak Login Codes for Millions
Image: Aminu Abdullahi/TechRepublic A newly discovered vulnerability in Microsoft Authenticator could expose sensitive login codes to malicious apps on the...
Six Android Malware Families Target Pix Payments, Banking Apps, and Crypto Wallets
Cybersecurity researchers have discovered half-a-dozen new Android malware families that come with capabilities to steal data from compromised devices and...
Five Malicious Rust Crates and AI Bot Exploit CI/CD Pipelines to Steal Developer Secrets
Cybersecurity researchers have discovered five malicious Rust crates that masquerade as time-related utilities to transmit .env file data to the...
Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials
Cybersecurity researchers have discovered a malicious npm package that masquerades as an OpenClaw installer to deploy a remote access trojan...
Anthropic Finds 22 Firefox Vulnerabilities Using Claude Opus 4.6 AI Model
Ravie LakshmananMar 07, 2026Browser Security / Artificial Intelligence Anthropic on Friday said it discovered 22 new security vulnerabilities in the...
Smashing Security podcast #457: How a cybersecurity boss framed his own employee
When a top cybersecurity firm discovered it had a leak, you would expect the FBI to be called. Instead, the...
