A critical vulnerability in LangChain Core exposes AI-powered applications to manipulation of execution logic and unsafe workflow behavior, reinforcing the urgent need for stronger security controls in AI orchestration frameworks.
Australia’s eSafety Commissioner may classify GitHub as a social network and ban kids under 16 from using it. Officials argue GitHub’s social features resemble TikTok and Discord, but critics say the move could block young coders from learning and accessing open-source tools
Japanese organizations continue facing ransomware incidents that cause months of operational disruption. This investigative analysis explores how long-tail damage unfolds, why attackers target Japan’s supply chain ecosystem, and how companies can strengthen long-term resilience.
Google has disclosed a widespread Oracle-linked hacking campaign impacting dozens of organizations across sectors including energy, tech, and logistics. The operation, active since mid-2025, exploited software integrations between vendors and clients marking one of the year’s most significant supply chain cyberattacks.
A new phishing technique called CoPhish abuses Microsoft Copilot Studio agents to steal OAuth tokens via trusted Microsoft domains, bypassing traditional security filters and highlighting the growing threat within low-code platforms.
BreachStars emerges as the latest reincarnation of BreachForums, pledging better infrastructure and security. However, rebooting a notorious hacker forum brings old challenges and new vulnerabilities.
A worm-like spam campaign flooded npm with tens of thousands of fake packages, polluting search results and straining CI/CD. Consequently, treat registries as hostile input. Enforce allowlists, verify npm provenance with Sigstore, disable lifecycle scripts by default, and promote dependencies through SLSA-aligned stages to cut risk.
A phishing vulnerability in vLex’s Vincent.ai exposed lawyers and law firms to AI-driven cyberattacks. Attackers manipulated the legal research tool to embed malicious links into AI-generated responses, creating a new avenue for targeted phishing in the legal sector.
Qualcomm’s Guardian aims to rival Intel vPro with always-on device control via built-in cellular connectivity, but the tradeoff may threaten privacy and trust.
Cybersecurity researchers have exposed GuardCB, a fake Russian antivirus app that hides powerful spyware. The malware, known as Android.Backdoor.916.origin, can spy on calls, texts, passwords, and even live stream audio and video from infected devices. Targeting Russian businesses, the app pretends to run virus scans while secretly exfiltrating sensitive data.