A security incident involving the Trust Wallet Chrome extension shows how attackers can abuse browser extension architecture to compromise cryptocurrency wallets and silently expose user funds.
Researchers uncovered serious AI bugs across Meta, Nvidia, Microsoft and open-source inference frameworks after tracking a ShadowMQ deserialization pattern built on ZeroMQ and Python pickle. At the same time, new research shows how Cursor’s AI IDE can be hijacked via rogue MCP servers, turning developer workstations into high-value malware delivery platforms if teams ignore AI supply-chain security.
A newly disclosed flaw in Adobe Commerce (formerly Magento) dubbed “SessionReaper” enables attackers to hijack live customer sessions via the REST API. With proof-of-concept exploit code now public and over 250 attacks detected in a single day, administrators must act immediately.
Researchers documented CVSS 8.9 command injection in three official Claude Desktop extensions Chrome, iMessage, and Apple Notes. Because those connectors built AppleScript commands with unescaped user input, prompt injection could pivot from web content to local shell execution on macOS. Anthropic patched the issues. This analysis explains the exploit chain, the fixes, and the validation steps security teams should run to keep MCP servers safe.
Sixty-four South Koreans were repatriated from Cambodia and are now under investigation for alleged involvement in large-scale online scam networks. Their return follows a scandal involving a student’s death, prompting Seoul to launch a crackdown on illicit recruitment and fraud operations.
The Silver Fox group, long known for precision-targeted malware operations, has extended its Winos 4.0 campaign into Japan and Malaysia. Security experts now observe the deployment of HoldingHands RAT through malicious PDF attachments and deceptive software installers.
A new campaign runs a clever tech support scam by hijacking Microsoft’s trusted branding. Victims encounter fake emails, CAPTCHA checks, browser-locking overlays, and a bogus phone “helpdesk” all designed to steal credentials or remote access. This article breaks down how the scam works, real indicators, and how you can defend yourself.
The UK now endures four nationally significant cyber attacks every week. Here’s the verified picture behind the surge, the sectors feeling the pressure, why the threat curve steepened, and how security teams should respond without delay.
Attackers hide malware behind invisible npm dependencies and install-time scripts, which bypass static scanners and drain tokens. Close install-time egress, ban URL dependencies, and add dynamic checks.
Salesforce has flagged a significant incident where applications published by Gainsight enabled unauthorized access to customer data via OAuth tokens. This article breaks down what happened, why third-party integrations are the new attack surface, and how defenders can respond immediately.