A developer reverse-engineering Anthropic's Claude Code binary discovered on June 30, 2026, that the tool had been silently encoding hidden signals into its AI system prompts for at least three months ...
A threat actor has been exploiting CVE-2026-48558, a critical SimpleHelp vulnerability, to drop TaskWeaver and Djinn Stealer ...
Decades-old Bash shell tricks can bypass safeguards in most open source AI coding agents, creating a new software supply ...
Vitalik Buterin outlined how advanced cryptography could enable private onchain voting without trusted committees, though the ...
Microsoft disrupted StegoAd, a malicious browser extension campaign affecting up to 2.6 million users. StegoAd used hidden payloads, delayed execution and steganography to evade browser security ...
Island found dormant JavaScript injection paths in Adblock for YouTube, a Chrome extension with 10M+ installs, raising ...
Polymarket hack stemmed from a compromised third-party vendor that injected malicious JavaScript into the platform’s frontend. Over 11 wallets lost PUSD on Polygon; stolen funds were bridged to ...
This week’s cybersecurity recap covers Firefox and Chrome bugs, EDR-killer tools, a TV botnet, an OpenBSD flaw, Android ...
IntroductionOn May 14, 2026, the Zscaler ThreatLabz team identified unusually high activity associated with the threat actor SmartApeSG to deploy malware. During our examination, we discovered ...
A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
Microsoft Threat Intelligence analyzed a cryptocurrency clipper campaign that combines clipboard theft, wallet replacement, ...
Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud supply-chain attack that delivered malware designed to steal developer secrets.