EvilAI operators are hiding malware in legitimate-looking AI tools that appear functional and signed, enabling reconnaissance, browser data exfiltration, and encrypted C2 communication across global targets.
Attackers actively exploit a Linux kernel use-after-free. Patch quickly, reduce local attack surface, and verify coverage with high-signal detections and a weekly baseline review.
F5 guided first-quarter revenue below expectations as customers extend risk reviews after a breach. Demand remains, yet sales cycles lengthen while teams validate exposure and remediation.
Encrypted doesn’t mean invisible. Microsoft’s “Whisper Leak” shows a passive observer can classify AI chat topics by watching packet sizes and timing on streaming language models. Here’s how the side-channel works, who can exploit it, and which mitigations actually move the needle.
Researchers developed a $50 memory interposer, dubbed “Battering RAM,” that can bypass Intel SGX and AMD SEV-SNP confidential computing protections by manipulating memory paths.
The new LAMEHUG malware uses AI models from Hugging Face to generate Windows commands dynamically. It spreads through phishing, disguises itself as AI apps, and steals system data, documents, and credentials while adapting to different environments.
Google has launched a new AI Vulnerability Reward Program (AI VRP) that pays up to $30,000 for critical flaws in its AI systems. Covering products such as Gemini, Search, and Workspace, the initiative bridges responsible AI research with traditional bug bounty frameworks, rewarding ethical hackers who strengthen AI security.
On October 20, 2025, a critical outage at AWS’s US-EAST-1 region triggered a cascading failure that knocked out major apps and services worldwide. This article dissects the root cause, impact, and what organisations must do now to shore up resilience.
A cluster of malicious NuGet packages plants delayed logic bombs that crash apps, corrupt databases, and disrupt Siemens S7 PLCs. Remove the dependencies, rebuild from clean mirrors, and test with date-manipulation harnesses. Lock down registries, verify publishers, and stream build/runtime logs off-box to detect abuse early.
As organisations deploy hundreds of AI agents each year, security teams face unprecedented risk. This article outlines a robust framework to govern AI at scale, align speed with control and embed security from day one.