AI platforms can be abused for stealthy malware communication

AI assistants like Grok and Microsoft Copilot with web browsing and URL-fetching capabilities can be abused to intermediate ...

New Keenadu backdoor found in Android firmware, Google Play apps

A newly discovered and sophisticated Android malware called Keenadu has been found embedded in firmware from multiple device ...

Modern PDF platforms are becoming high-risk attack surfaces

Modern PDF platforms can now function as full attack gateways rather than passive document viewers.
InfoWorld

Flaws in four popular VS Code extensions left 128 million installs open to attack

Three of the four vulnerabilities remained unpatched months after OX Security reported them to the maintainers.
WeLiveSecurity

PromptSpy ushers in the era of Android threats using GenAI

ESET researchers discover PromptSpy, the first known Android malware to abuse generative AI in its execution flow ...

China-linked snoops have been exploiting Dell 0-day since mid-2024, using 'ghost NICs' to avoid detection

Full scale of infections remains 'unknown' China-linked attackers exploited a maximum-severity hardcoded-credential bug in ...
Windows Report

Congatec Unveils Panther Lake Modules With DDR5, LPDDR5X, and LPCAMM2 Support

Congatec’s lineup includes five embedded board variants that support several memory standards, such as LPDDR5X, DDR5 SO-DIMM, ...

How to test OpenClaw without giving an autonomous agent shell access to your corporate laptop

OpenClaw jumped from 1,000 to 21,000 exposed deployments in a week. Here's how to evaluate it in Cloudflare's Moltworker sandbox for $10/month — without touching your corporate network.
Dark Reading

Critical Grandstream VoIP Bug Highlights SMB Security Blind Spot

CVE-2026-2329 allows unauthenticated root-level access to SMB phones, so attackers can intercept calls, commit toll fraud, and impersonate users.

30 fake AI Chrome extensions caught stealing passwords and more

Security experts have uncovered dangerous Chrome extensions that promise or impersonate AI tools to steal sensitive data.
eWeek

Fake AI Chrome Extensions Exposed 260,000 Users, Targeting Gmail

Over 260,000 users installed fake AI Chrome extensions that used iframe injection to steal browser and Gmail data, exposing ...
The Independent

Hacking the grid: How digital sabotage turns infrastructure into a weapon

The integration of internet-connected computers into power grids is creating a world where the line between code and physical destruction is blurred COMMENT | SAMAN ZONOUZ | The darkness that swept ...