Lazarus Group concealed a four-module remote access toolkit inside six fake npm Rollup polyfill packages that fired at import ...
JFrog says six malicious npm packages used hidden install-time execution, JSONKeeper fetches, and sandbox checks to enable remote access.
CVE-2026-12957 in Amazon Q is the third MCP auto-execution vulnerability in three AI coding tools. The pattern reveals a ...
This project aims to create a modular test environment that simulates network attacks on web services using penetration testing software. To ensure modularity, the setup should allow for the ...
Wordfence has blocked 17M+ exploit attempts targeting a Gravity SMTP bug that leaks API keys, OAuth tokens, and full system reports without authentication.
Collection of official MongoDB agent skills for use in agentic workflows. For more information, refer to the MongoDB Agent Skills documentation. Install the plugin ...
Stuff broke again. Not in a movie way. An old tool was left exposed. An abandoned package was abused. A deprecated feature was still running in prod. This week is the same lesson in a new form: ...
A new Windows zero-day reportedly bypasses BitLocker, adding pressure on Microsoft as researchers debate the exploit’s real-world impact. A new Windows zero-day has turned BitLocker, one of ...
Security researcher Nightmare Eclipse has released a new Windows BitLocker bypass, only one day after publishing an exploit targeting Microsoft Defender. Named GreatXML, the fresh exploit allows users ...
Exploiting a race condition in Microsoft Defender, the exploit leads to local privilege escalation to SYSTEM. A security researcher has released another zero-day exploit targeting Microsoft’s Windows ...
Update: Added statement from Microsoft to the end of this article. A security researcher has released a new Microsoft Defender zero-day exploit named "RoguePlanet" just hours after Microsoft fixed two ...
Anthropic has published research showing that its Claude Mythos Preview model can turn public software patches into working exploits within hours. The company said the process has often required ...