OpenAI responds to Axios HTTP hack by updating security certificates.

When hackers got access to an account belonging to the maintainer of Axios they inserted a script that granted remote access to users’ Windows, macOS, and Linux devices. This malicious version ...

Tencent moves to rein in AI content flood on WeChat with stricter rules

Updated guidelines target mass-produced and AI-rewritten posts, reflecting growing concern over the spread of low-effort content Tencent Holdings' super app WeChat has updated its content governance ...

Well-timed bets on Polymarket tied to the Iran war draw calls for investigations from lawmakers

Calls are increasing inside Congress for investigations into the prediction market platform Polymarket after the latest ...

MCP, Agent Tool Access And The New Execution-Layer Security Gap

The execution layer has already shifted from humans to machines. This transition is not a future trend; it is the current ...
Biometric Update

The role of intent in securing AI agents

As AI agents move into production, security teams are confronting a familiar challenge: bringing autonomous systems under ...

Class-action lawsuit against pharmacy benefit manager could face long road ahead

A class-action lawsuit that could see thousands of patients reclaiming access to their neighborhood Martella’s Pharmacy ...

Mac Script Editor becomes new entry point for ClickFix malware

ClickFix attacks targeting Mac users now use Script Editor instead of Terminal, a shift that sidesteps Apple's latest ...
Microsoft

Inside an AI‑enabled device code phishing campaign

A new wave of device code phishing shows how threat actors are scaling account compromise using AI and end‑to‑end automation.
CSO Online

Security lapse lets researchers view React2Shell hackers’ dashboard

The campaign is stealing credentials from unpatched servers at scale, due to “neglect and efficiency,” says analyst, and the ...
Hackaday

This Week In Security: The Supply Chain Has Problems

The biggest story of the week is a new massive supply chain breach, which appears to be unrelated to the previous massive supply chain breaches, this time of the Axios HTTP project. Axios was ...
Microsoft

Cookie-controlled PHP webshells: A stealthy tradecraft in Linux hosting environments

Cookie-gated PHP webshells use obfuscation, php-fpm execution, and cron-based persistence to evade detection in Linux hosting ...

SORBA.ai Releases Version 10.7: Integration with Inductive Automation Ignition SCADA 8.3 & Expanded AI Model Creation

Major release delivers seamless Ignition SCADA, enterprise-grade security, advanced ML algorithms, and private cloud ...