Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...

Dozens of cryptographically verified open source packages from Microsoft were compromised late last week to add advanced credential-stealing code that was triggered when developers opened them in AI ...

A China-linked espionage group lived inside corporate cloud accounts for a year and a half by stealing trust instead of ...

Microsoftが、ChatGPT、Claude、DeepSeek、Microsoft CopilotなどのAIブランドをかたるフィッシング攻撃や、不正広告を使った誘導であるマルバタイジングが増えていると警告しています。 AI brands as bait: How threat actors are using the AI hype in social engineering | ...

As threat actors operationalize AI to accelerate attacks, they are also leveraging the wider global interest around AI itself as a social engineering lure. In recent months, Microsoft Threat ...

GGUF parser vulnerabilities disclosed May 15, 2026 include a critical integer overflow that lets any malicious model file ...

Perplexity launches Bumblebee: How its new read-only dev scanner differs from Chainguard ...

Your weekly cybersecurity recap: a GitHub supply chain worm, an exploited Android flaw, Instagram account takeovers, and a ...

Windows Latestは2026年6月1日(現地時間)、MicrosoftがWindows ...

A Chinese espionage group tracked as UNC5221 has been accessing Microsoft 365 environments using the Brickstorm backdoor and ...