The Steam Workshop is being used to spread malware to thousands of users

Steam is one of the most popular storefronts in PC gaming, but it turns out that the Steam Workshop might presently be ...
Microsoft

Crypto Clipper uses Tor and worm-like propagation for persistence and control

Microsoft Threat Intelligence analyzed a cryptocurrency clipper campaign that combines clipboard theft, wallet replacement, ...
WeLiveSecurity

EvilTokens: A phishing attack that doesn’t steal your password

A phishing kit subverting Microsoft’s legitimate authentication flow lets attackers break into accounts without stealing ...

"Thought It Was a Security Alert Email"...Warning Issued Over Malicious MS Impersonation Emails

A cyberattack has been discovered in which emails impersonating Microsoft (MS) security alerts are being used to spread ...
CSO Online

Claude Code has an MCP security problem — and your developers are already using it

Claude Code is Anthropic’s AI coding assistant — a command-line tool that developers are adopting fast. It connects to ...
GitHub

Azure Cosmos DB SQL API client library for Python

Azure SDK Python packages support for Python 2.7 has ended 01 January 2022. For more information and questions, please refer to #20691 Azure Cosmos DB is a globally distributed, multi-model database ...
GIGAZINE

A vulnerability in the open-source package 'Starlette,' which is downloaded more than 300 million times a week, has put millions of AI agents at risk.

Security researcher Markus Vervier warns that Starlette, an open-source framework used by millions of AI agents and tools worldwide, has a critical vulnerability. Millions of AI agents imperiled by ...
Dark Reading

Hackers Use AI for Exploit Development, Attack Automation

Threat actors are abusing AI tools in increasingly sophisticated ways, including exploit development and attack orchestration. Google today published new research tracking how adversaries leverage AI ...
The Hacker News

PhantomCore Exploits TrueConf Vulnerabilities to Breach Russian Networks

A pro-Ukrainian hacktivist group called PhantomCore has been attributed to attacks actively targeting servers running TrueConf video conferencing software in Russia since September 2025. That's ...
Business Wire

Semgrep Launches Multimodal, Combining AI Reasoning With Rule-Based Analysis for Detection, Triage, and Remediation

SAN FRANCISCO--(BUSINESS WIRE)--Semgrep, a leading code security company, today announced Semgrep Multimodal, a system that combines AI reasoning with rule-based analysis for detection, triage, and ...
theregister

OpenClaw patches one-click RCE as security Whac-A-Mole continues

Security issues continue to pervade the OpenClaw ecosystem, formerly known as ClawdBot then Moltbot, as multiple projects patch bot takeover and remote code execution (RCE) exploits. The initial hype ...
IEEE

A Code-Based Anonymous Authentication Scheme for Vehicular Ad Hoc Networks

Abstract: Currently, the majority of authentication mechanisms in vehicular ad hoc networks (VANETs) are predominantly based on elliptic curve cryptography (ECC). However, with the rise of quantum ...