GuardFall Bypass Exploits Shell Injection in Open-Source AI Coding Agents
New research from Adversa AI, dubbed 'GuardFall,' reveals that ten out of eleven popular open-source AI coding agents are vulnerable to a…
A new attack technique called BioShocking, discovered by security firm LayerX, exploits AI browsers and assistants by tricking them into leaking user…
Microsoft has removed 119 malicious extensions from the Edge Add-ons store that used steganography to hide malware in image and font files.…
Google Threat Intelligence Group (GTIG) has attributed a previously undocumented .NET backdoor named STOCKSTAY to the Russian state-sponsored threat actor Turla. The…
GitHub has announced significant security changes for npm version 12, set to release next month, aimed at mitigating software supply chain attacks.…
Attackers hijacked over 400 packages in the Arch User Repository (AUR) by adopting orphaned projects and modifying build scripts to deploy a…
Cybersecurity researchers have uncovered two malicious campaigns linked to North Korean threat actors, exploiting developer tools like Microsoft Visual Studio Code (VS…
An unknown threat actor has been observed leveraging paid or promoted posts on legitimate news websites to promote a cryptocurrency clipboard hijacker.…
Cybersecurity researchers at JFrog have uncovered a set of malicious npm packages that masquerade as legitimate PostCSS tools to deliver a Windows-based…
PolinRider is a North Korean threat group known for injecting obfuscated JavaScript into legitimate developers' configuration files across compromised GitHub repositories to…