Researchers uncovered serious AI bugs across Meta, Nvidia, Microsoft and open-source inference frameworks after tracking a ShadowMQ deserialization pattern built on ZeroMQ and Python pickle. At the same time, new research shows how Cursor’s AI IDE can be hijacked via rogue MCP servers, turning developer workstations into high-value malware delivery platforms if teams ignore AI supply-chain security.
Five facilitators admitted to helping North Korean remote IT workers infiltrate 136 US companies through stolen identities and “laptop farms,” sending more than $2.2 million back to the regime and exposing hidden risks in everyday hiring pipelines.
macOS now attracts serious attention from nation-state and criminal actors, especially credential stealers. A new public dataset, Malet, and a static analysis tool, Katalina, give defenders large-scale visibility into Mach-O malware traits. Teams can use them to tune EDR, test vendor claims, and finally treat Mac fleets as first-class citizens.
Researchers hammered ChatGPT, Gemini, and Claude with adversarial prompts across hate, self-harm, sexual content, and crime. Gemini Pro 2.5 leaked the most unsafe answers, Gemini Flash 2.5 resisted best, and Claude models looked strict but cracked under “academic-style” questions in some categories.
Researchers identified Android-based photo frames that auto-download malware at boot, then execute payloads after each restart. Consequently, attackers gain control on rooted devices with disabled SELinux and weak signing.
Kraken ransomware has quickly evolved into a cross-platform threat that can disrupt Windows, Linux, and VMware ESXi environments in a single campaign. By abusing SMB exposure, tunneling through Cloudflared, and using benchmark-driven encryption, the group focuses on high-value data, double extortion, and maximum downtime for large enterprises.
A threat actor has registered over 4,300 look-alike hotel booking domains, launching a large-scale phishing campaign that impersonates major travel brands to steal payment card data from unsuspecting guests.
A fake Chrome wallet called “Safery” steals seed phrases by encoding them into Sui addresses and sending dust transactions, allowing attackers to reconstruct mnemonics later. Consequently, users risk full account takeover. Enforce extension allowlists, remove unknown wallets, rotate seeds, and migrate assets to new addresses immediately.
The Washington Post reports a staff data breach tied to an Oracle E-Business Suite zero-day. Nearly 10,000 employees and contractors receive notices as responders verify scope and guide credit protection.
CISA warned that multiple federal agencies still haven’t fully patched Cisco ASA/FTD devices despite active exploitation. Because the campaign targets the VPN web server and enables device takeover, teams must apply fixes for CVE-2025-20333/20362, follow ED 25-03 inventory and validation steps, and disconnect end-of-support hardware. This analysis explains impact, attack flow, high-signal detection, and fast remediation so defenders can reduce edge-device risk without slowing operations.