3+ hour, 1+ min ago  (635+ words) A wave of malicious skills targeting the Open Claw AI agent marketplace has exposed a dangerous new frontier in software supply chain security. Attackers are using the Claw Hub skill marketplace to push harmful code into AI agent environments, stealing…...

1+ hour, 48+ min ago  (634+ words) A newly discovered malware campaign has turned Google Chrome into a remote backdoor without breaking any of the browser's built-in rules. Spotted in June 2026, the attack arrived in Italian-language phishing emails that looked like standard business invoices. The email claimed…...

14+ hour, 42+ min ago  (637+ words) A dangerous Android banking trojan is once again spreading through the Google Play Store, hiding inside what appears to be a simple document reader app. The app has already been downloaded more than 100, 000 times, putting a large number of Android…...

2+ day, 2+ hour ago  (327+ words) A critical security vulnerability has been identified in the widely used libssh2 library, allowing remote attackers to execute arbitrary code through specially crafted SSH packets. The flaw, tracked as CVE-2026-55200, carries a CVSS score of 9. 2 and is classified under CWE-680 (Integer…...

8+ hour, 11+ min ago  (224+ words) Google has released a critical security update for its Chrome browser, pushing the Stable channel to version 149. 0. 7827. 196/197 for Windows and Mac, and 149. 0. 7827. 196 for Linux. The update addresses 18 security vulnerabilities, including four rated Critical and fourteen rated High severity, several of…...

16+ hour, 3+ min ago  (650+ words) A new and deceptive malware campaign has been uncovered, one that turns an everyday browser extension into a dangerous tool for system compromise. Security researchers have identified a threat that uses a malicious Microsoft Edge extension to break out of…...

21+ hour, 13+ min ago  (455+ words) A first-of-its-kind security analysis of 12 widely deployed agentic offensive-security tools reveals critical architectural flaws that allow adversaries to steal LLM API keys, establish persistent footholds, and achieve full host compromise even inside sandboxed containers. The study exposes a sweeping set…...

21+ hour, 8+ min ago  (635+ words) A newly identified malware cluster known as Ghost Shell has been found actively targeting Ukraine's drone operations and its broader defense supply chain. The campaign uses a sophisticated combination of techniques, including a mutual TLS implant and a Telegram-based dead-drop…...

5+ day, 8+ hour ago  (326+ words) A critical exploit chain dubbed Auto Jack that allows a single malicious web page to hijack Microsoft's Auto Gen Studio browsing agent and execute arbitrary code on the host machine without any user interaction beyond submitting a URL. Auto Jack…...

5+ day, 22+ hour ago  (1633+ words) On paper, each project may look manageable. In practice, the portfolio can become fragile very quickly." A delayed IAM dependency can slow down the rollout of privileged access controls. A cloud remediation stream can miss an audit commitment because the…...