Zscaler found attackers using SEO poisoning and hidden prompts in malicious websites to manipulate AI agents into making cryptocurrency payments.
Mozilla 0DIN’s Claude Code demo shows how clean GitHub repos can expose AI coding agents to prompt injection, reverse shells, ...
Cybersecurity researchers have uncovered two hijacked npm packages and a cluster of Go packages that are designed to deploy a Python-based information stealer on compromised Windows, Linux, and macOS ...
Fake CVE exploit repos pull frint and skytext packages to steal researcher credentials, with servers still live as of July 1.
MCP tool poisoning turns trusted AI agents into a control plane for data loss. Learn how threat actors manipulate tool ...
Multiple weaponized proof-of-concept (PoC) exploits on GitHub delivered a Python-based remote access trojan (RAT) called ChocoPoC that can execute commands and steal sensitive data. However, ChocoPoC ...
The offices of Google are pictured in London on February 28, 2026. JUSTIN TALLIS/AFP via Getty Images Google released agents-cli on April 21, 2026, and it has shipped 13 updates in the 71 days since — ...
Explore the latest news and expert commentary on Application Security, brought to you by the editors of Dark Reading ...
Operation Navy Ghost is targeting Python developers who build Telegram bots by hiding backdoors inside trojanized Pyrogram forks uploaded to PyPI. The campaign has been active since November 2025, ...
Mirsad — a lightweight, dependency-free, taint-aware PHP static security scanner (SAST). Single Python file, no install. Outputs SARIF for GitHub code scanning. MIT. - salah23222/php-security-scanner ...