The Hacker News

China-Linked Amaranth-Dragon Exploits WinRAR Flaw in Espionage Campaigns

China-linked Amaranth-Dragon and Mustang Panda target Southeast Asian governments using WinRAR exploit and PlugX phishing ...
Infosecurity Magazine

New Hacking Campaign Exploits Microsoft Windows WinRAR Vulnerability

A hacking campaign took just days to exploit a newly disclosed security vulnerability in Microsoft Windows version of WinRAR, ...
The Hacker News

OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link

A high-severity OpenClaw flaw allows one-click remote code execution via token theft and WebSocket hijacking; patched in ...

The Double-Edged Sword of Non-Human Identities

Leaked non-human identities like API keys and tokens are becoming a major breach driver in cloud environments. Flare shows ...

How recruitment fraud turned cloud IAM into a $2 billion attack surface

Adversaries weaponized recruitment fraud to steal cloud credentials, pivot through IAM misconfigurations, and reach AI ...
DevdiscourseOpinion

Teaching AI to hack may be the only way to secure the internet

The preprint, To Defend Against Cyber Attacks, We Must Teach AI Agents to Hack, released on arXiv, challenges the prevailing ...

Hugging Face Repositories Abused in New Android Malware Campaign

Attackers exploited Hugging Face’s trusted infrastructure to spread an Android RAT, using fake security apps and thousands of ...
CoinDesk

Crypto’s worst year for hacks wasn’t a smart contract issue. It was a people problem.

Cryptocurrency’s security story is changing, and not in the way most investors expect or would like to, as while crypto losses are on the rise, so too is onchain security. Even as 2025 went down as ...

The New Perimeter Is Identity — And It’s Moving Faster Than We Are

As AI shifts from helpful copilot to independent operator, enterprises are discovering that identity—not networks or ...
Cyber Defense Magazine

Why Digital Asset Exchanges Remain Prime Targets For Cybercriminals

The hype around the exploits of centralized digital asset exchanges (CEX) and democratized digital asset exchanges (DEX) ...

Infostealers added Clawdbot to their target lists before most security teams knew it was running

RedLine, Lumma, and Vidar adapted in 48 hours. Clawdbot's localhost trust model collapsed, plaintext memory files sit exposed ...

Moltbot Gets Another New Name, OpenClaw, And Triggers Security Fears And Scams

After changing its name from Clawdbot to Moltbot to OpenClaw within days, the viral AI agent faces security questions and a ...