Infosecurity Magazine

New “Agentjacking” Attacks Could Hijack AI Coding Agents

Tenet Security researchers reveal how new “agentjacking” attacks could trick coding agents into executing arbitrary code ...

WebMCP Can Be Used To Hijack AI Agents, Chrome Warns

Chrome's WebMCP guidance warns that AI agents can be manipulated through the tools they are built to trust.
The Hacker News

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel ...
InfoWorld

Protocol Buffers schemas expose remote code execution risk

Researchers at Cyera found six vulnerabilities in prtobuf.js, including a flaw that can turn attacker-controlled schema data ...
InfoWorld

33 LLM metrics to watch closely

Look to these key metrics and benchmarks to evaluate the performance, capability, reliability, and safety of your AI models ...
Dark Reading

Fake Android Apps Commit Carrier Billing Fraud for Premium Services

A financially motivated threat actor is targeting Android users in Malaysia, Thailand, Romania, and Croatia with malware that covertly enrolls victims in premium, carrier-billed services. The campaign ...
Tom's Hardware on MSN

Hades malware campaign now tricks AI bots by injecting text about biological and nuclear weapons

This is probably the dictionary illustration for "deceptively simple." ...
BGR

Over 200 Fake Android Apps Are Quietly Stealing Money From Phone Bills

A new malware scam is silently executing billing fraud, targeting users based on their phone carriers and locations. Uncovered by cybersecurity group Zimperium, the campaign used nearly 250 Android ...
The Hacker News

Microsoft Restores Some GitHub Repos, Keeps Others Offline as Miasma Probe Continues

Microsoft confirms it temporarily removed GitHub repos after Miasma worm compromised 73 of its open-source projects to inject ...

WordPress malware uses Steam profile comments for command and control

The comments on some Steam Profiles are actually loaded with invisible malware.
The Caledonian-Record

Aware Expands Awareness Platform Capabilities with Key Partnerships to Deliver Smarter Identity ...

Aware, Inc. (NASDAQ: AWRE), a global leader in biometric orchestration, today announced substantial innovations to the Awareness Platform™. New offerings include expanded biometric ...