The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel ...

A threat actor tracked as DriveSurge has been operating large-scale malware distribution campaigns using ClickFix and ...

A critical-level flaw in a popular CMS, patched months ago, is now being abused.

Ghost CMS SQL injection campaign has compromised 700+ websites — including Harvard University, Oxford University, and DuckDuckGo — using a CVSS 9.4 flaw to inject ClickFix malware lures that trick ...

Lazarus Group has deployed RemotePE, a fully memory-resident trojan that is extremely hard for traditional antivirus and forensic tools to detect.

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows. The campaign was ...

Security researchers have developed a new image-based prompt injection attack that can manipulate how multimodal AI systems interpret user instructions without modifying the original text prompt, ...

AI agents are now being weaponized through prompt injection, exposing why model guardrails are not enough to protect enterprise data. Last week, researchers at Google and Forcepoint reported that ...

The British police said the attack on Wednesday was being treated as terrorism, and they warned of rising antisemitic hate crimes. By Megan Specia Reporting from London A knife attack against two ...

Malicious web prompts can weaponize AI without your input. Indirect prompt injection is now a top LLM security risk. Don't treat AI chatbots as fully secure or all-knowing. Artificial intelligence (AI ...

There appears to be a recent epidemic of users hijacking companies’ AI-powered customer service bots to turn them into generic AI assistants. The goal is to get the branded bots to do their bidding, ...