A campaign active since last November has been targeting Python developers building Telegram bots with trojanized Pyrogram ...
The infostealer was delivered via CVE-2026-48558, a critical authentication bypass vulnerability in SimpleHelp.
Microsoft’s AutoJack research shows how a malicious webpage rendered by an AI browsing agent can reach local MCP services and execute arbitrary processes on the underlying system.
A vulnerability chain dubbed AutoJack in Microsoft's AutoGen Studio interface for prototyping AI agents could let attackers ...
Operation Navy Ghost is targeting Python developers who build Telegram bots by hiding backdoors inside trojanized Pyrogram forks uploaded to PyPI. The campaign has been active since November 2025, ...
GitGuardian is introducing Developer Endpoint Protection, extending its secrets and non-human identity (NHI) security ...
Security researchers at Cybernews discovered on June 12 what they describe as one of the largest credential databases ever left exposed online — a publicly accessible Elasticsearch cluster holding 24 ...
The same day OpenAI announced the most significant expansion of its Daybreak cybersecurity initiative since the platform launched in May, intelligence agencies from all five nations of the Five Eyes ...
Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...
Attackers are hiding a data-stealing trojan inside fake exploit code aimed at the people who hunt bugs for a living. The malware, called ChocoPoC, travels in Python proof-of-concept (PoC) repositories ...
X has launched a hosted MCP server, making it easier for developers to connect AI applications with the company’s API.
Threat actors have struck the software supply chain yet again, this time hitting the Python Package Index (PyPI) with Mini Shai-Hulud in an attempt to spread poisoned code. In the latest campaign, ...