Malicious AI browser extensions collected LLM chat histories and browsing data from platforms such as ChatGPT and DeepSeek.
A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...
Hulud-like Sandworm_Mode supply chain attack targets NPM developers to steal secrets and poison AI assistants.
Given my early success with Clairvoyance, I quickly moved to using this AI pair programming solution to help me add new ...
At the end of 2025, Google made A2UI public as an open-source “agent-to-UI” format: an AI agent outputs a declarative JSON ...
The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language model (LLM) providers: ...
North Korean-linked campaign publishes 26 malicious npm packages hiding C2 in Pastebin, deploying credential stealers & RAT ...
Introduction: In January 2026, Zscaler ThreatLabz observed activity by a suspected Iran-nexus threat actor targeting government officials in Iraq. ThreatLabz discovered previously undocumented malware ...