AI in Cyber

Chrome CVE made me go digging and I found a container image in prod that hasn't been updated since 2023

RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN

AI Agent Threat Intel (Feb 2026 month to date): Tool chain escalation displaces instruction override as #1 technique, agent-targeting attacks hit 26.4% - 91K production interactions

ROP the ROM: Exploiting a Stack Buffer Overflow on STM32H5 in Multiple Ways

Goodbye innerHTML, Hello setHTML: Stronger XSS Protection in Firefox 148 – Mozilla Hacks - the Web developer blog

UAC-0050 Targets European Financial Institution With Spoofed Domain and RMS Malware

Using Passkeys for more than just Auth

Lazarus Group Uses Medusa Ransomware in Middle East and U.S. Healthcare Attacks

UnsolicitedBooker Targets Central Asian Telecoms With LuciDoor and MarsSnake Backdoors

Anthropic Says Chinese AI Firms Used 16 Million Claude Queries to Copy Model

APT28 Targeted European Entities Using Webhook-Based Macro Malware

Another exposed Supabase DB strikes: 20k+ attendees and FULL write access

Wormable XMRig Campaign Uses BYOVD Exploit and Time-Based Logic Bomb

⚡ Weekly Recap: Double-Tap Skimmers, PromptSpy AI, 30Tbps DDoS, Docker Malware & More

Have you tried turning it off and on again? On bricking OT devices (part 2)

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

MuddyWater Targets MENA Organizations with GhostFetch, CHAR, and HTTP_VIP

Malicious Chrome extension targeting Apple App Store Connect developers through fake ASO service - full analysis

How a single typo led to RCE in Firefox

AI-Assisted Threat Actor Compromises 600+ FortiGate Devices in 55 Countries

Anthropic Launches Claude Code Security for AI-Powered Vulnerability Scanning

‘Starkiller’ Phishing Service Proxies Real Login Pages, MFA

Your Samsung Weather App Is a Fingerprint: How saved locations create a persistent cross-session tracking identifier

In Memoriam: Jason Snitker, a.k.a. Parmaster. RIP Legend

Discovery & Analysis of CVE-2025-29969

[CVE-2026-0714] TPM-sniffing LUKS Keys on an Embedded Device

Compromising Cline's Production Releases just by Prompting an Issue Triager

CRESCENTHARVEST: Iranian protestors and dissidents targeted in cyberespionage campaign

Log Poisoning in OpenClaw

Prompt Injection Standardization: Text Techniques vs Intent

Almost Impossible: Java Deserialization Through Broken Crypto in OpenText Directory Services

When Audits Fail Part 2: From Pre-Auth SSRF to RCE in TRUfusion Enterprise

nono - kernel-enforced capability sandbox for AI agents

[Analysis] Massive Active GitHub Malware Campaign | Hundreds of Malicious Repositories Identified

sandboxec: A lightweight command sandbox for Linux, secure-by-default, built on Landlock.

Patch Tuesday, February 2026 Edition

Please Don’t Feed the Scattered Lapsus ShinyHunters

Who Operates the Badbox 2.0 Botnet?

Kimwolf Botnet Lurking in Corporate, Govt. Networks

Patch Tuesday, January 2026 Edition

Who Benefited from the Aisuru and Kimwolf Botnets?

The Kimwolf Botnet is Stalking Your Local Network