1K+ cloud environments infected via Trivy attack
…They were able to do this because, back in February, the same crew exploited a misconfiguration in Trivy's GitHub Action component and stole a privileged access token. This security issue was…
…Russinovich had Claude Opus 4.6, released early last month, look over the code. It decompiled the machine language and found several security issues, including a case of "silent incorrect behavior" where…
…done over the past couple of years - presented at Black Hat and other security conferences - developing working exploits in all of the big AI assistants that require no user interaction. Earlier this…
…According to the agencies, the attackers approach targets directly via chats and persuade them to share security verification codes or PINs, effectively giving the intruders full access to the account. In some…
…security experts have shown can be exploited by uploading malicious code under the invented package name. Shmueli's PoC cuts out the hallucination step by suggesting fake dependencies in documentation that coding…
…CodeWall uses AI agents to continuously attack customers' infrastructure, to help them improve their security posture. According to the startup, its own security agent suggested targeting McKinsey, citing the consulting company's…
…There's also an exploit developer named cortana9000 who found a Cisco remote code execution bug (CVE-2026-20045) under active exploitation by government-backed goons and asked on a forum, "so…
…Instead, it's holding hiring flat while adding more cloud services, features, and lines of code, and also maintaining the same level of security, but at a much higher velocity, according to…
…Even if the reports are better, the issues being identified aren't necessarily security flaws that can be exploited and need to be corrected. As evidence, Stenberg points to curl's public…
…that code into a browser on a separate device to complete the authentication process. This makes it easy for the user to sign in, but it comes with a security tradeoff. "Because…