The Silent Breach: How Organizational Drift Becomes An Identity Threat

It’s the passive accumulation of identity drift. Every organization experiences drift: a slow erosion of alignment between who should have access and who actually does. It doesn’t happen through ...
The Hacker News

Wormable XMRig Campaign Uses BYOVD Exploit and Time-Based Logic Bomb

Researchers uncover wormable XMRig campaign using BYOVD exploit and LLM-built React2Shell attacks hitting 90+ hosts.
The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...
Dark Reading

Attackers Use New Tool to Scan for React2Shell Exposure

Researchers say threat actors used the sophisticated — and unfortunately named — toolkit to target high-value networks for ...
Live Bitcoin News

OpenAI Drops EVMbench After Claude Vibe Code Disaster

OpenAI launches EVMbench to test AI agents on smart contract security days after Claude Opus 4.6-assisted code triggered a $1.78M DeFi exploit.
Computer Weekly

PromptSpy Android malware may exploit Gemini AI

A newly-uncovered malware targeting the Android operating system seems to exploit Google’s Gemini GenAI tool to help it maintain persistence.

OpenAI introduces EVMbench to measure AI crypto security

OpenAI introduces EVMbench to measure AI crypto security. Benchmark evaluates detection, patching and exploit skills. OpenAI has launched a benchmarking system called EVMbench to evaluate how ...