apple

Apple Compresses Patch Cycle After AI Uncovers Four WebKit Flaws

On June 29, 2026, Apple released iOS 26.5.2, iPadOS 26.5.2, macOS Tahoe 26.5.2, and Safari 26.5.2, addressing over 30 vulnerabilities.…

Jul 04, 2026views - 1.5k

malware

Avalon: The Malware Framework Merging AI and Multi-Evasion to Strike

The Avalon framework combines credential harvesting, multi-EDR evasion, and the CrownX ransomware into a single attack chain. Blackpoi…

Jul 03, 2026views - 1.5k

malware

BusySnake Stealer: The APT That Generates Malware With AI

Armored Likho uses LLMs to write first-stage payloads and PyArmor Pro to obfuscate them. Kaspersky's report reveals an infostealer tar…

Jul 03, 2026views - 1.6k

CYBERSECCRITICAL

Cursor Hit by Two Critical CVEs: RCE and Zero-Click via Sandbox Prompt Injection

Two vulnerabilities in Cursor rated CVSS 9.8 allow sandbox escape and remote code execution without user interaction. The fix is avail…

Jul 01, 2026views - 709

ransomware

AI-Generated Ransomware Attacks via Browser: No Payload, Just Chrome Permissions

Check Point analyzed a DeepSeek-generated sample that encrypts local files by abusing Chrome's File System Access API. No exploit, no…

Jul 01, 2026views - 862

CYBERSEC

Phantom Squatting: When AI Generates Your Next Supply-Chain Threat

Unit 42 documents a novel attack vector: adversaries proactively register domains hallucinated by LLMs to intercept traffic from AI-in…

Jul 01, 2026views - 685

agentic

Agentjacking: Fake Bug Report Hijacks AI Coding Agents, 85% Success Rate

Tenet Security researchers demonstrated on June 12, 2026 that a poisoned Sentry error report can hijack Claude Code, Cursor, and Codex…

Jul 01, 2026views - 1k

ai

BioShocking: How a Game Tricks Agentic AI into Stealing Credentials

LayerX researchers demonstrated BioShocking, a prompt injection attack that manipulates agentic AI browsers into exfiltrating sensitiv…

Jun 30, 2026views - 1.4k

CYBERSEC

DarkMoon: Open-Source AI Pentesting at $10 a Scan — and the Hard Limit of Vendor LLM Classifiers

DarkMoon separates LLM reasoning from execution via MCP to bypass Anthropic's safety classifiers. At roughly $10 per web-app scan, the…

Jun 29, 2026views - 942

CYBERSEC

OpenClaw: 5 Malicious Skills Evade AI Scanners for Months

Unit 42 reveals evasive skills on ClawHub exploiting semantic instruction hijacking. 80% of 49,943 skills analyzed show behavioral dev…

Jun 28, 2026views - 869

ai

Claude Code Tricked: Clean Repo Opens Reverse Shell

Mozilla 0DIN demonstrates that Claude Code executes malware from clean GitHub repositories by exploiting its own proactivity: a fabric…

Jun 28, 2026views - 1.3k

aiCVE

CVE-2026-12957: Cloud Credential Theft via Amazon Q Developer

A high-severity vulnerability (CVSS 8.5) in the Amazon Q Developer extension for VS Code allowed automatic execution of malicious MCP…

Jun 27, 2026views - 1.4k