Securonix uncovers the Veil#Drop malware framework, which abuses compromised websites and Google Blogspot to deploy the PureLog information stealer.
An "agentic threat actor" successfully exploited a Langflow flaw to steal data from a production database server and encrypt ...
Managed Authorisation extension to stable status, adding a centralised way for organisations to control access to MCP servers ...
With Claude's Fable 5 model back in Claude Code as of July 1 after an 18-day export-control shutdown, developers are resuming the long-horizon autonomous sessions the tool was designed for — and ...
Researchers identified what they believe is the first documented case of a ransomware operation, JadePuffer, conducted ...
JFrog says six malicious npm packages used hidden install-time execution, JSONKeeper fetches, and sandbox checks to enable remote access.
Claude Code dynamic workflows are now generally available on all paid plans, including Pro for the first time. The feature writes its own orchestration scripts and coordinates up to 1,000 parallel ...
Securonix says PureLogs infection starts with a fake PDF JavaScript file and uses PowerShell, fileless .NET loading, and LOLBins.
Decades-old Bash shell tricks can bypass safeguards in most open source AI coding agents, creating a new software supply ...
VS Code 1.26 prevents automatic code execution for new project folders, lets users configure whether code can be executed ...
A major overhaul of the Model Context Protocol due next month removes several longstanding protocol-level security risks but ...