#nuget-malware
#nuget-malware

Mozilla says it patched 271 Firefox vulnerabilities thanks to Anthropic's Claude Mythos

Mozilla's use of Anthropic's Claude Mythos model successfully identified and patched 271 vulnerabilities in Firefox, showcasing AI's potential in cybersecurity.

fromwww.bbc.com

AI hacking tools like Mythos can be 'net positive' says top cyber official

AI tools can enhance cyber-security if secured properly, according to the UK's top cyber official.

Software development

3 hours ago

Mythos found 271 Firefox flaws - none a human couldn't spot

Mythos AI model significantly improves bug detection, identifying 271 vulnerabilities in Firefox 150, marking a pivotal moment for software security.

Artificial intelligence

fromEngadget

Mozilla says it patched 271 Firefox vulnerabilities thanks to Anthropic's Claude Mythos

Mozilla's use of Anthropic's Claude Mythos model successfully identified and patched 271 vulnerabilities in Firefox, showcasing AI's potential in cybersecurity.

fromwww.bbc.com

AI hacking tools like Mythos can be 'net positive' says top cyber official

AI tools can enhance cyber-security if secured properly, according to the UK's top cyber official.

more#ai

fromSitePoint Forums | Web Development & Design Community

6 hours ago

Why Your OpenClaw Setup is a "Malicious Insider" in Waiting

OpenClaw's capabilities pose significant security risks, revealing vulnerabilities that can be exploited by malicious insiders.

#cybersecurity

8 hours ago

Privacy professionals

Unauthorized group has gained access to Anthropic's exclusive cyber tool Mythos, report claims | TechCrunch

Information security

Google Patches Antigravity IDE Flaw Enabling Prompt Injection Code Execution

Information security

Critical Microsoft GitHub Flaw Highlights Dangers to CI/CD Pipelines: Tenable - DevOps.com

Node JS

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

fromwww.theguardian.com

2 hours ago

UK could face hacktivist attacks at scale', says head of security agency

The UK may face large-scale hacktivist attacks during conflicts, similar to recent ransomware incidents, with no option to pay ransoms for recovery.

NGate Campaign Targets Brazil, Trojanizes HandyPay to Steal NFC Data and PINs

A new Android malware called NGate abuses the HandyPay app to conduct NFC relay attacks and steal payment card information.

Privacy professionals

8 hours ago

Unauthorized group has gained access to Anthropic's exclusive cyber tool Mythos, report claims | TechCrunch

Unauthorized users accessed Mythos, a cybersecurity tool by Anthropic, through a third-party vendor, raising concerns about its potential misuse.

Google Patches Antigravity IDE Flaw Enabling Prompt Injection Code Execution

A vulnerability in Google's Antigravity IDE allowed code execution through insufficient input sanitization in the find_by_name tool.

Critical Microsoft GitHub Flaw Highlights Dangers to CI/CD Pipelines: Tenable - DevOps.com

A critical vulnerability in a Microsoft GitHub repository allows attackers to exploit CI/CD infrastructure and run arbitrary code.

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

36 malicious npm packages disguised as Strapi CMS plugins facilitate exploitation and credential harvesting.

fromwww.theguardian.com

2 hours ago

UK could face hacktivist attacks at scale', says head of security agency

The UK may face large-scale hacktivist attacks during conflicts, similar to recent ransomware incidents, with no option to pay ransoms for recovery.

fromwww.independent.co.uk

NGate Campaign Targets Brazil, Trojanizes HandyPay to Steal NFC Data and PINs

A new Android malware called NGate abuses the HandyPay app to conduct NFC relay attacks and steal payment card information.

more#cybersecurity

UK politics

10 hours ago

Iran, Russia and China behind most major cyberattacks on UK, security chief warns

The Independent provides critical journalism on key issues without paywalls, emphasizing the importance of accessible reporting.

DevOps

fromInfoQ

GitHub Acknowledges Recent Outages, Cites Scaling Challenges and Architectural Weaknesses

GitHub acknowledged recent service disruptions due to rapid growth and infrastructure limitations, impacting developer workflows and confidence in the platform.

Former FBI official proposes terror designations for ransomware hackers targeting hospitals

Ransomware actors targeting critical infrastructure may be designated as terrorists, allowing for expanded legal actions against them.

Information security

Ransomware negotiator pleads guilty to helping ransomware gang | TechCrunch

Information security

Third US Security Expert Admits Helping Ransomware Gang

Healthcare

fromNextgov.com

Former FBI official proposes terror designations for ransomware hackers targeting hospitals

Ransomware actors targeting critical infrastructure may be designated as terrorists, allowing for expanded legal actions against them.

Information security

Ransomware negotiator pleads guilty to helping ransomware gang | TechCrunch

Information security

Third US Security Expert Admits Helping Ransomware Gang

Artificial intelligence

The MCP Disclosure Is the AI Era's 'Open Redirect' Moment

AI vendors' response to security flaws: It wasn't me

AI vendors promote AI for security but often dismiss flaws as intended behavior.

Information security

AI agents on GitHub leak API keys via prompt injection

Information security

Git identity spoof fools Claude into giving bad code the nod

AI code reviewers can be deceived into approving malicious code by spoofing trusted developer identities using Git commands.

Information security

Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments

A prompt injection attack method named 'Comment and Control' targets AI code security tools, allowing attackers to hijack AI agents using crafted GitHub comments.

Artificial intelligence

The MCP Disclosure Is the AI Era's 'Open Redirect' Moment

The Model Context Protocol has a design flaw that enables AI supply chain attacks, posing a significant security risk to enterprise AI systems.

AI vendors' response to security flaws: It wasn't me

AI vendors promote AI for security but often dismiss flaws as intended behavior.

AI agents on GitHub leak API keys via prompt injection

Three popular AI agents on GitHub Actions are vulnerable to Comment and Control attacks, allowing attackers to steal API keys and access tokens.

Git identity spoof fools Claude into giving bad code the nod

AI code reviewers can be deceived into approving malicious code by spoofing trusted developer identities using Git commands.

Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments

A prompt injection attack method named 'Comment and Control' targets AI code security tools, allowing attackers to hijack AI agents using crafted GitHub comments.

more#ai-security

Half of the 6 Million Internet-Facing FTP Servers Lack Encryption

Approximately 6 million internet-accessible systems are using FTP today, and almost half of them do not use encryption, exposing enterprises and end users to avoidable risks.

Privacy professionals

fromTNW | Next-Featured

Lovable security crisis: 48 days of exposed projects, closed bug reports, & the structural failure of vibe coding security

Lovable's security incidents expose vulnerabilities in AI-generated code and highlight a market focus on growth over security.

fromZero Day Initiative

Zero Day Initiative - Node.js Trust Falls: Dangerous Module Resolution on Windows

Node.js module resolution can lead to security vulnerabilities if malicious packages are placed in the root node_modules directory.

Guardarian Users Targeted With Malicious Strapi NPM Packages

A supply chain attack targeting the Strapi ecosystem involved 36 malicious NPM packages delivering various harmful payloads.

#vercel

fromInfoWorld

Information security

Hackers exploit Vercel's trust in AI integration

fromSiliconANGLE

Information security

Developer tooling provider Vercel discloses breach that exposed some users' data - SiliconANGLE

Information security

Next.js Creator Vercel Hacked

Vercel Confirms Major Security Incident as Hacker Claims $2M Ransom Demand

Vercel confirmed a security incident involving unauthorized access to internal systems, with a threat actor claiming to sell stolen company data.

fromThe Verge

Information security

Cloud development platform Vercel was hacked

Information security

App host Vercel confirms security incident, says customer data was stolen via breach at Context AI | TechCrunch

fromInfoWorld

Hackers exploit Vercel's trust in AI integration

Sensitive secrets should be treated as potentially exposed and rotated as a priority.

fromSiliconANGLE

Developer tooling provider Vercel discloses breach that exposed some users' data - SiliconANGLE

Vercel experienced a security breach through Context.ai, compromising limited customer data and employee information.

Next.js Creator Vercel Hacked

Vercel confirmed a data breach involving unauthorized access to internal systems and compromised customer credentials.

Vercel Confirms Major Security Incident as Hacker Claims $2M Ransom Demand

Vercel confirmed a security incident involving unauthorized access to internal systems, with a threat actor claiming to sell stolen company data.

fromThe Verge

Cloud development platform Vercel was hacked

Vercel experienced a security breach due to a compromised third-party AI tool, leading to the exposure of customer data.

App host Vercel confirms security incident, says customer data was stolen via breach at Context AI | TechCrunch

Vercel experienced a data breach due to a compromised employee account linked to Context AI, exposing customer credentials.

Mozilla: Anthropic's Mythos found 271 zero-day vulnerabilities in Firefox 150

AI tools like Mythos enhance cybersecurity by making vulnerability discovery cheaper and more efficient for defenders.

fromWIRED

13 hours ago

Mozilla Used Anthropic's Mythos to Find and Fix 151 Bugs in Firefox

Mozilla's Firefox 150 includes protections for 271 vulnerabilities identified using AI tools, highlighting the significant impact of AI on cybersecurity.

fromArs Technica

10 hours ago

Mozilla: Anthropic's Mythos found 271 zero-day vulnerabilities in Firefox 150

AI tools like Mythos enhance cybersecurity by making vulnerability discovery cheaper and more efficient for defenders.

fromWIRED

13 hours ago

Mozilla Used Anthropic's Mythos to Find and Fix 151 Bugs in Firefox

Mozilla's Firefox 150 includes protections for 271 vulnerabilities identified using AI tools, highlighting the significant impact of AI on cybersecurity.

more#ai-in-cybersecurity

Dozens of Malicious Crypto Apps Land in Apple App Store

Over two dozen fake cryptocurrency apps targeting iOS users have been found in the Apple App Store, aimed at stealing recovery phrases and private keys.

18 minutes ago

As Mythos fixes Mozilla flaws, unauthorized access spells disaster

Firefox's Claude Mythos Preview addresses 271 vulnerabilities, but unauthorized access raises concerns about potential misuse by threat actors.

Axios npm Package Compromised in Supply Chain Attack

A significant supply chain attack on Axios introduced a Remote Access Trojan via hijacked maintainer accounts, affecting numerous developer environments.

Top npm package backdoored to drop dirty RAT on dev machines

A widely used npm library, axios, was compromised to deliver malware through a maintainer's hijacked account.

Hackers compromise Axios npm package to drop cross-platform malware

Hackers compromised the Axios npm account to distribute remote access trojans across multiple operating systems.

fromInfoQ

Axios npm Package Compromised in Supply Chain Attack

A significant supply chain attack on Axios introduced a Remote Access Trojan via hijacked maintainer accounts, affecting numerous developer environments.

Top npm package backdoored to drop dirty RAT on dev machines

A widely used npm library, axios, was compromised to deliver malware through a maintainer's hijacked account.

Hackers compromise Axios npm package to drop cross-platform malware

Hackers compromised the Axios npm account to distribute remote access trojans across multiple operating systems.

Unsecured Perforce Servers Expose Sensitive Data From Major Orgs

Many internet-facing Perforce P4 servers are misconfigured, exposing sensitive information and allowing unauthorized access.

58% of Organizations Spend Over 10 Hours a Month Securing AI-generated Code

31% of organizations using AI-generated code spend 10 hours or less per month on validation and auditing, raising security concerns.

Software development

fromInfoWorld

Open VSX extensions hijacked: GlassWorm malware spreads via dependency abuse

Malicious VS Code extensions impersonate legitimate developer tools like ESLint, Prettier, and AI coding assistants to infiltrate systems through the Open VSX marketplace.

Progress Patches Multiple Vulnerabilities in MOVEit WAF, LoadMaster

Progress Software released patches for multiple vulnerabilities in MOVEit WAF and LoadMaster that could lead to remote code execution and command injection.

Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacking

Serial-to-IP converters have serious vulnerabilities that can expose critical systems to remote attacks.

Progress Patches Multiple Vulnerabilities in MOVEit WAF, LoadMaster

Progress Software released patches for multiple vulnerabilities in MOVEit WAF and LoadMaster that could lead to remote code execution and command injection.

Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacking

Serial-to-IP converters have serious vulnerabilities that can expose critical systems to remote attacks.

macOS ClickFix attacks deliver AppleScript stealers

A ClickFix campaign targets macOS users with an AppleScript infostealer that collects sensitive data from various browsers and cryptocurrency wallets.

Microsoft Defender Flaws Exploited on Windows, Two Left Unpatched

Three new security flaws in Microsoft Defender are actively exploited, with only one patched, allowing full SYSTEM-level access to attackers.

Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched

Threat actors are exploiting three vulnerabilities in Microsoft Defender for elevated privileges, with one flaw already addressed by Microsoft.

Microsoft Defender Flaws Exploited on Windows, Two Left Unpatched

Three new security flaws in Microsoft Defender are actively exploited, with only one patched, allowing full SYSTEM-level access to attackers.

Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched

Threat actors are exploiting three vulnerabilities in Microsoft Defender for elevated privileges, with one flaw already addressed by Microsoft.

more#microsoft-defender

SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files

A critical vulnerability in SGLang allows remote code execution via a crafted GGUF model file, with a CVSS score of 9.8.

fromnews.bitcoin.com

Dune Data Reveals Close to 50% of Layerzero Apps Use Basic Security

Nearly half of Layerzero applications use the lowest level of DVN security, raising concerns about cross-chain vulnerabilities.

fromwww.businessinsider.com

Nation states responsible for 'nationally significant' cyber attacks against UK, says NCSC chief | Computer Weekly

The UK faces increased cyber security threats from hostile states and AI advancements, with an average of four significant attacks weekly.

Security Leaders Discuss the Vercel Breach

The Vercel data breach highlights the risks of targeted account takeovers and the importance of effective communication during security incidents.

20 hours ago

Information security

Hot AI startup Lovable's security stumble shows one big risk in vibe coding

Vercel Breach Originated from an Employee's AI Tool

Vercel confirmed a data breach caused by a third-party AI tool used by an employee, impacting a limited subset of customers.

Security Leaders Discuss the Vercel Breach

The Vercel data breach highlights the risks of targeted account takeovers and the importance of effective communication during security incidents.

fromwww.businessinsider.com

20 hours ago

Hot AI startup Lovable's security stumble shows one big risk in vibe coding

Lovable experienced a security issue allowing access to user data, prompting concerns about vibe coding among software engineers.

Vercel Breach Originated from an Employee's AI Tool

Vercel confirmed a data breach caused by a third-party AI tool used by an employee, impacting a limited subset of customers.

The cookbook for safe, powerful agents

Capability without control in AI agents creates vulnerabilities, necessitating a structured control architecture for safe deployment.

20 hours ago

Organizations Warned of Exploited Cisco, Kentico, Zimbra Vulnerabilities

CISA expanded its Known Exploited Vulnerabilities catalog with eight new flaws, including high-severity bugs in Cisco and Kentico products.

Hackers Abuse QEMU for Defense Evasion

Threat actors are exploiting QEMU for ransomware and remote access tool deployment, with increased activity observed since late 2025.

Kubernetes attack surface explodes: number of threats quadruples

Kubernetes faces a surge in cyberattacks, with a 282% increase in attempts, particularly targeting the IT sector and crypto exchanges.

Aikido Endpoint offers developers additional protection against supply chain attacks

Aikido Endpoint protects developers' endpoints from supply chain attacks by blocking high-risk installations before they reach the system.

fromArs Technica

Anthropic's Mythos AI model sparks fears of turbocharged hacking

AI-enabled cyber attacks surged 89% in 2025, with attackers acting within 29 minutes of gaining access.

Over 800 Android Apps Targeted in PIN-Stealing Trojan Campaign

Hackers exploit Android's overlay feature to capture PINs and monitor user interactions across over 800 apps using banking trojans.

Malicious NPM Package Gets Downloaded 50K Times Before Discovery - DevOps.com

A malicious npm package downloaded 50,000 times used naming deception and preinstall script hooks to evade detection and compromise Windows, Linux, and macOS systems.

Bluesky Disrupted by Sophisticated DDoS Attack

The attack is impacting our application, with users experiencing intermittent interruptions in service for their feeds, notifications, threads and search.

Information security

The Open Source Trap: Why Trust Isn't a Security Strategy - DevOps.com

The software supply chain is vulnerable due to reliance on under-resourced open source maintainers, requiring active organizational support for security.

Tycoon 2FA Loses Phishing Kit Crown Amid Surge in Attacks

Threat actors have shifted to new phishing platforms after Tycoon 2FA's disruption, reusing its tools and increasing overall phishing attacks.

Attackers are targeting developers via Slack and Google Sites

A targeted phishing campaign exploits trust in the open-source community, tricking developers into providing credentials and installing malicious software.

3 days ago

Tycoon 2FA Loses Phishing Kit Crown Amid Surge in Attacks

Threat actors have shifted to new phishing platforms after Tycoon 2FA's disruption, reusing its tools and increasing overall phishing attacks.

Attackers are targeting developers via Slack and Google Sites

A targeted phishing campaign exploits trust in the open-source community, tricking developers into providing credentials and installing malicious software.

more#phishing

#nist

Surging CVE disclosures force NIST to shake up workflows | Computer Weekly

NIST is changing its approach to handling CVEs, focusing on those with the greatest potential impact due to increased submissions.

NIST Limits CVE Enrichment After 263% Surge in Vulnerability Submissions

NIST will only enrich certain cybersecurity vulnerabilities in its database due to a surge in CVE submissions.

NIST updates NVD: not every CVE will be scrutinized

NIST is updating its vulnerability assessment methodology due to an overwhelming increase in CVEs, prioritizing critical vulnerabilities for analysis.

NIST Prioritizes NVD Enrichment for CVEs in CISA KEV, Critical Software

NIST updates its National Vulnerability Database operations to prioritize enriching critical CVEs due to a surge in submissions.

Surging CVE disclosures force NIST to shake up workflows | Computer Weekly

NIST is changing its approach to handling CVEs, focusing on those with the greatest potential impact due to increased submissions.

NIST Limits CVE Enrichment After 263% Surge in Vulnerability Submissions

NIST will only enrich certain cybersecurity vulnerabilities in its database due to a surge in CVE submissions.

NIST updates NVD: not every CVE will be scrutinized

NIST is updating its vulnerability assessment methodology due to an overwhelming increase in CVEs, prioritizing critical vulnerabilities for analysis.

NIST Prioritizes NVD Enrichment for CVEs in CISA KEV, Critical Software

NIST updates its National Vulnerability Database operations to prioritize enriching critical CVEs due to a surge in submissions.

Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet

Threat actors exploit vulnerabilities in TBK DVR and TP-Link routers to deploy Mirai-botnet variants, targeting IoT devices for large-scale attacks.

New Phishing Attack Turns n8n Into On-Demand Malware Machine

Attackers are exploiting n8n workflows to deliver malware while evading detection and blending into normal business activities.

#north-korea

Information security

North Korean social engineering campaign targets macOS users | Computer Weekly

North Korea targets macOS users in latest heist

North Korean criminals use social engineering and fake software updates to steal Apple users' credentials and cryptocurrency.

Information security

N. Korean Hackers Spread 1,700 Malicious Packages Across npm, PyPI, Go, Rust

North Korean social engineering campaign targets macOS users | Computer Weekly

A North Korean campaign targeting macOS users tricked victims into executing malicious files, leading to credential and data theft.

North Korea targets macOS users in latest heist

North Korean criminals use social engineering and fake software updates to steal Apple users' credentials and cryptocurrency.

N. Korean Hackers Spread 1,700 Malicious Packages Across npm, PyPI, Go, Rust

Contagious Interview campaign targets Go, Rust, and PHP ecosystems with malicious packages that function as malware loaders.

Cursor AI Vulnerability Exposed Developer Devices

A vulnerability in Cursor AI allows attackers to hijack developer machines via malicious repositories without user interaction.

Malicious WordPress Plugins with Backdoors Compromise Thousands of Websites

Malicious WordPress plugins with backdoors compromised thousands of websites, demonstrating a supply-chain attack and leading to their permanent removal.

fromTNW | Apps

30+ WordPress plugins bought on Flippa and backdoored in supply chain attack

A significant WordPress plugin compromise involved a backdoor planted in over 30 plugins, exposing a critical vulnerability in plugin ownership transfer and update mechanisms.

Someone planted backdoors in dozens of WordPress plugins used in thousands of websites | TechCrunch

Dozens of WordPress plugins were compromised by a backdoor, distributing malicious code after a change in ownership of the plugin maker.

Malicious WordPress Plugins with Backdoors Compromise Thousands of Websites

Malicious WordPress plugins with backdoors compromised thousands of websites, demonstrating a supply-chain attack and leading to their permanent removal.

fromTNW | Apps

30+ WordPress plugins bought on Flippa and backdoored in supply chain attack

A significant WordPress plugin compromise involved a backdoor planted in over 30 plugins, exposing a critical vulnerability in plugin ownership transfer and update mechanisms.

Someone planted backdoors in dozens of WordPress plugins used in thousands of websites | TechCrunch

Dozens of WordPress plugins were compromised by a backdoor, distributing malicious code after a change in ownership of the plugin maker.

Microsoft Issues Massive Windows Patch for 160+ Bugs, Including Two Zero-Days

Microsoft released a significant security update addressing 165 vulnerabilities, including two critical zero-days, marking one of the largest updates in its history.

Exploited Vulnerability Exposes Nginx Servers to Hacking

A critical vulnerability in Nginx UI allows attackers to take full control of servers, affecting numerous deployments worldwide.

Ancient Excel bug comes out of retirement for active attacks

A 17-year-old critical Excel vulnerability is actively being exploited, prompting CISA to issue a patch deadline for federal agencies.

#supply-chain-attacks

Two different attackers poisoned popular open source tools

Two major supply chain attacks in March compromised open source tools, stealing data from numerous organizations.

GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

GlassWorm supply-chain campaign compromised 433 components across GitHub, npm, and VSCode/OpenVSX, using a single Solana blockchain address for command-and-control across coordinated attacks targeting cryptocurrency wallets and developer credentials.

Two different attackers poisoned popular open source tools

Two major supply chain attacks in March compromised open source tools, stealing data from numerous organizations.

more#supply-chain-attacks

GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

fromSiliconANGLE

Hackers compromise popular Axios Javascript library with hidden malware - SiliconANGLE

Axios HTTP client library was hacked to distribute malware via a compromised npm account, affecting multiple operating systems.

Polyfill Supply Chain Attack Impacting 100k Sites Linked to North Korea

The 2024 Polyfill.io supply chain attack affecting over 100,000 websites involved both Chinese and North Korean threat actors, with Funnull serving as a corporate front for the operation.

Malicious NuGet Packages Stole ASP.NET Data; npm Package Dropped Malware

NCryptYo is a stage-1 execution-on-load dropper. When the assembly loads, its static constructor installs JIT compiler hooks that decrypt embedded payloads and deploy a stage-2 binary - a localhost proxy on port 7152 that relays traffic between the companion packages and the attacker's external C2 server, whose address is resolved dynamically at runtime.

Information security

2 months ago

'PackageGate' Flaws Open JavaScript Ecosystem to Supply Chain Attacks

Six vulnerabilities in major JavaScript package managers (NPM, PNPM, VLT, Bun) allow bypassing supply chain protections and enable remote code execution.