The DFIR Report 55 · 7d ago
Bissa Scanner Exposed: AI-Assisted Mass Exploitation and Credential Harvesting
Key Takeaways: We identified an exposed server that provided unusual visibility into a large-scale, multi-victim exploitation and collection operation. Artifacts on the host showed that Claude Code and OpenClaw were embedded in the operator’s day-to-day workflow, supporting troubleshooting, orchestration, and refinement of the collection pipeline. This AI-assisted workflow resulted in the modular platform Bissa scanner […]
The Hacker News 35 · 7d ago
Mustang Panda’s New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles
Cybersecurity researchers have discovered a new variant of a known malware called LOTUSLITE that's distributed via a theme related to India's banking sector. "The backdoor communicates with a dynamic DNS-based command-and-control server over HTTPS and supports remote shell access, file operations, and session management, indicating a continued espionage-focused capability set rather than
HackerNoon 27 · 6d ago
What Happens When AI Can Write Code But Not Explain It?
AI coding agents ship features faster than ever, but the humans inheriting that code can't explain how it works. Addy Osmani calls it "comprehension debt." The data backs it up: pull requests up 20%, incidents up 23.5%, maintenance costs at 4x by year two, and 45% of AI-generated code carrying known security vulnerabilities. 36 quotes from Karpathy, Willison, Osmani, Hightower, Fowler, MIT researchers, and others on what happens when code generation outpaces code understanding.
The Hacker News 25 · 6d ago
Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain
Cybersecurity researchers have warned of malicious images pushed to the official "checkmarx/kics" Docker Hub repository. In an alert published today, software supply chain security company Socket revealed that unknown threat actors managed to have overwritten existing tags, including v2.1.20 and alpine, while also introducing a new v2.1.21 tag that does not correspond to an official release. The
The Hacker News 25 · 7d ago
Toxic Combinations: When Cross-App Permissions Stack into Risk
On January 31, 2026, researchers disclosed that Moltbook, a social network built for AI agents, had left its database wide open, exposing 35,000 email addresses and 1.5 million agent API tokens across 770,000 active agents. The more worrying part sat inside the private messages. Some of those conversations held plaintext third-party credentials, including OpenAI API keys shared between agents,
Security Boulevard 20 · 7d ago
Sendmarc Review: Features, User Experiences, Pros & Cons (2026)
Is Sendmarc worth it in 2026? Discover its features, limitations, user reviews, and how it compares to PowerDMARC for email security.
The Register (Security) 17 · 6d ago
Another npm supply chain worm is tearing through dev environments
Plus, the payload references 'TeamPCP/LiteLLM method'. Yet another npm supply-chain attack is worming its way through compromised packages, stealing secrets and sensitive data as it moves through developers' environments, and it shares significant overlap with the open source infections attributed to TeamPCP last month.
Security Boulevard 17 · 6d ago
Tropic Trooper Pivots to AdaptixC2 and Custom Beacon Listener
Introduction: On March 12, 2026, Zscaler ThreatLabz discovered a malicious ZIP archive containing military-themed document lures targeting Chinese-speaking individuals. Our analysis of this sample uncovered a campaign leveraging a multi-stage attack chain where a trojanized SumatraPDF reader deploys an AdaptixC2 Beacon agent, ultimately leading to the download and abuse of Visual Studio (VS) Code tunnels for remote access. During our analysis, we observed that the threat actor likely targeted C...
Security Boulevard 17 · 6d ago
[un]prompted 2026 – macOS Vulnerability Research: Augmenting Apple’s Source Code And OS Logs With AI Agents
Author, Creator & Presenter: Olivia Gallucci, Security Engineer, Datadog. Our thanks to [un]prompted for publishing their Creators, Authors and Presenter’s outstanding [un]prompted 2026 AI Security Practitioner content on the Organizations' YouTube Channel.
Security Boulevard 17 · 6d ago
You’re Not Watching MCPs. Anthropic’s Vulnerability Shows Why You Should Be.
Last week, researchers at OX Security published findings that should stop every security leader in their tracks. They discovered a critical vulnerability baked directly into Anthropic's Model Context Protocol SDK, affecting every supported language: Python, TypeScript, Java, and Rust. The result: remote code execution on any system running a vulnerable MCP implementation, with direct access to sensitive user data, internal databases, API keys, and chat histories. Over 7,000 publicly accessibl...
Help Net Security 17 · 7d ago
New Mirai variants target routers and DVRs in parallel campaigns
Hidden inside newly discovered botnet malware is an unusual message from its creator: “AI.NEEDS.TO.DIE”. Dubbed “tuxnokill” by researchers at Akamai, the malware is one of two fresh Mirai botnet variants documented this month by major cybersecurity firms and, judging by the aforementioned hard-coded string, this particular variant might have been coded the old-fashioned way. “Tuxnokill” and “Nexcorium”: Based on hits on the company’s global network of honeypots, Akamai found that tuxnokill is ...
Help Net Security 17 · 7d ago
PentAGI: Open-source autonomous AI penetration testing system
Penetration testers have long relied on collections of specialized tools, manual coordination, and documented runbooks to work through a target assessment. PentAGI, an open-source project from VXControl, attempts to automate that entire workflow using a multi-agent AI system that plans, researches, and executes penetration tests with minimal human direction. How the agent system works: PentAGI organizes work into a hierarchy of flows, tasks, subtasks, and actions. An orchestrator agent receive...
Help Net Security 17 · 7d ago
Apple Intelligence flaw kept stolen tokens reusable on another device
Apple claims that Apple Intelligence, a GenAI service provided on its operating systems, is designed with an extra focus on user security and privacy through a two-stage authentication and authorization system using anonymous access tokens. However, researchers from The Ohio State University have identified vulnerabilities in this design, demonstrated on macOS 26.0 (Tahoe), that allow attackers to steal and reuse these tokens. Service infrastructure: The system offloads complex requests to clo...
The Hacker News 13 · 7d ago
Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape
A critical security vulnerability has been disclosed in a Python-based sandbox called Terrarium that could result in arbitrary code execution. The vulnerability, tracked as CVE-2026-5752, is rated 9.3 on the CVSS scoring system. "Sandbox escape vulnerability in Terrarium allows arbitrary code execution with root privileges on a host process via JavaScript prototype chain traversal," according to
Graham Cluley 11 · 6d ago
Smashing Security podcast #464: Rockstar got hacked. The data was junk. The secrets it revealed were not
A company that ran anonymous tip lines for 35,000 American schools - handling reports of bullying, weapons, and self-harm - boasted on its website that it had suffered zero security breaches in over 20 years. A hacker called Internet Yiff Machine thought that sounded like a challenge, with predictable results... Meanwhile, Rockstar Games gets hacked again - and the stolen data turns out to be less embarrassing than the financial secrets it accidentally revealed. GTA Online is still making hal...
Help Net Security 10 · 7d ago
Claude Mythos finds 271 Firefox flaws, Mozilla believes zero-days are numbered
The Mozilla Foundation tested Claude Mythos, an Anthropic AI model that has stirred debate in the cybersecurity community. Before granting access to Mythos, Mozilla scanned Firefox using Opus 4.6, which led to fixes for 22 security-sensitive bugs in Firefox 148. For instance, Mythos identified 271 vulnerabilities in Firefox 150. Firefox CTO Bobby Holley said other teams are beginning to experience the same “vertigo” that Mozilla felt when the findings first came into focus. “For a …
The Daily WTF 10 · 7d ago
Representative Line: Comment Overflow
Today, we look at a representative comment, sent to us by Nona. This particular comment was in a pile of code delivered by an offshore team. // https://stackoverflow.com/questions/46744740/lodash-mongoose-object-id-difference/46745169 "Wait," you say, "what's the WTF about a comment pointing to a Stack Overflow page. I do that all the time?" In this case, it's because this particular comment wasn't given any further explanation. It also wasn't in a block of code that was doing anything with ...
Freek Van der Herten 8 · 7d ago
How Will LLMs Transform Us? AI as a Tool in the Future of Development
This article frames AI as a tool to support, not replace, developers, emphasizing the importance of staying in control of how and when it’s used. It encourages a thoughtful approach where developers leverage AI for efficiency while maintaining ownership of decisions and outcomes.
IT Security Guru 8 · 7d ago
CyberSmart Partners with Renaissance to Deliver Complete Cyber Confidence for SMEs
Irish reseller Renaissance has announced a strategic partnership with CyberSmart, a UK-based cybersecurity provider focused on delivering continuous protection, compliance, and cyber risk management for small and medium-sized enterprises (SMEs). This collaboration brings CyberSmart’s cybersecurity solutions to a wider market, spanning real-time threat detection, vulnerability management, compliance assurance, and cybersecurity awareness training. Designed for simplicity […]