SecurityWeek

Exploitable CI/CD Vulnerabilities Expose Millions of Repositories to Hijacking

Cordyceps, a systemic class of exploitable CI/CD vulnerabilities, allows unauthenticated attackers to hijack developer ...
Infosecurity Magazine

macOS Backdoor Uses Prompt Injection to Evade AI Triage

A North Korea-linked macOS backdoor has been caught hiding a prompt injection that targets malware analyst's AI tools, rather ...
BeInCrypto

Ethereum’s Most Notorious MEV Bot Loses $7.5 Million in On-Chain Honeypot Trap

An attacker tricked the JaredFromSubway MEV bot into approving spending, then drained about $7.5 million in tokens.
CoinDesk

Ethereum's biggest 'sandwich' bot drained of $7.5 million in ironic exploit

Blockaid said an attacker tricked Jaredfromsubway.eth into approving fake trading routes, then used those approvals to drain ...

Meta-Harness for AI Agents: Databricks Releases Omnigent as Open Source

The Meta-Harness Omnigent combines AI agents like Claude Code and Codex under a common policy and collaboration layer – under ...
The Hacker News

Fake Microsoft Alerts Used to Deploy North Korean NarwhalRAT Malware

North Korea-linked ScarCruft uses fake Microsoft Account alerts and ZIP files to deliver NarwhalRAT, a Python RAT built for ...
HousingWire

Fresh off seed round, BrokerBot eyes next phase of brokerage automation

Since launching in early 2025, BrokerBot has been deployed across 240-plus brokerages and more than 30,000 agent users.
techtimes

AI Agent Security Hits Its Reckoning: Prompt Injection May Be a Permanent Flaw, Not a Patchable Bug

Prompt injection is the technique of smuggling instructions to an AI agent through content the agent reads — a document, a calendar invite, a web page, a code comment — so that hostile text carries ...
Tom's Hardware on MSN

Hades malware campaign now tricks AI bots by injecting text about biological and nuclear weapons

This is probably the dictionary illustration for "deceptively simple." ...
The Hacker News

North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels

Proofpoint says UNK_DeadDrop sent 250+ phishing emails to nearly 100 firms, using GitHub and VS Code lures to steal ...
The Guardian

Hackers trick Meta AI support bot to infiltrate Obama White House Instagram account

Breach of high-profile accounts raises concerns about reliance on AI for security measures such as passwords Hackers used Meta’s AI-powered support chatbot to infiltrate high-profile Instagram ...
MacRumors

Meta AI Support Bot Helped Hackers Hijack Instagram Accounts

Meta's AI support assistant has been helping hackers get access to high-profile Instagram accounts, according to reports on social media. With no verification check, ‌Meta‌ AI would change the email ...