OpenClaw AI agent found falling for phishing attacks, spills user data
Phishing simulation on an OpenClaw email agent with various configuration profiles showed that it was susceptible to tactics commonly used to compromise huma...
Manufacturing
20 articles
Anthropic’s new model is Mythos on a leash
Claude Fable 5 offers Mythos-level performance for most tasks with safeguards on sensitive topics. Anthropic claims testing found no universal jailbreaks.
Rockwell Automation adds AI-powered security tools to SecureOT Suite
Rockwell Automation has announced the launch of three enhanced offerings within the SecureOT solution suite: OT Cybersecurity Assessment Suite, SecureOT Plat...
New BitB Phishing Attack Targets Microsoft 365 Logins
A new Browser-in-the-Browser (BitB) phishing campaign is abusing fake OAuth login windows to steal Microsoft 365 credentials, and its design is polished enou...
Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks
The most recent variants of the self-propagating attacks are named Miasma and Hades. The post Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain ...
Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer
The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel artifacts across 19 packages in the Pyt...
Treating AI agents like service accounts for federated query security
In this interview with Help Net Security, Paras Malhotra, CISO at Starburst, explains how the company handles data governance across federated query environm...
Shai-Hulud Malware Campaign Abuses 23 PyPI Packages in Developer-Focused Attack
A rapidly evolving supply chain campaign dubbed “Shai-Hulud” is targeting developers through malicious Python packages. Researchers have identified 23 newly ...
Meet Hades: The malware that lies to AI security agents
Threat actors are continuing their onslaught against software supply chains, now with malware named after death itself. The newly-discovered Hades Campaign i...
ICYMI: May 2026 @AWS Security
Read all about the latest AWS security features, compliance updates, and hands-on resources in our new, monthly digest posts. You’ll find expert blog posts, ...
VS Code adds 2-hour delay for extension updates to combat supply chain threats
Starting with VS Code version 1.123, extensions will undergo a two-hour waiting period after publication before being automatically updated, provided automat...
VS Code Adds 2-Hour Extension Auto-Update Delay to Limit Supply Chain Attacks
Microsoft has announced that Visual Studio Code (VS Code) will apply a two-hour delay before extensions for the integrated development environment (IDE) are ...
Miasma Worm Hits 73 Microsoft GitHub Repositories in Major Supply Chain Attack
Microsoft's GitHub repositories have become the latest to fall victim to the ongoing Miasma self-replicating supply chain attack campaign. The incident impac...
Miasma Malware Hits 32 Red Hat Packages via Compromised GitHub Account
32 Red Hat npm packages compromised by Miasma malware expose cloud tokens, CI/CD secrets and developer credentials in supply chain attack.
IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks
Multiple software supply chain attacks have hit the npm ecosystem, with threat actors using both malicious and poisoned versions of over 50 legitimate packag...
Patching fast and slow: Ruby devs delay to defend against supply chain attack
The team behind RubyGems, a package hosting site for Ruby developers, has added a new feature to bundler, a tool for managing Ruby packages (or ‘gems’) to pr...
Advancing Cybersecurity in the Age of Frontier AI: Qualys Steps into Project Glasswing
The cybersecurity industry has spent much of the last two years debating how attackers might use AI. That debate matters, but it misses a larger point: defen...
New Gafgyt Variant Targets Linux Systems With Modular Spread Tactics
A new Gafgyt-family botnet, tracked as C0XMO, marks a notable technical shift in IoT malware design: the separation of scanning and propagation into distinct...
AI is helping low-skill hackers pull off advanced cyberattacks
Anthropic has published an analysis of cyber-related misuse of its AI systems, examining 832 accounts that were banned for malicious cyber activity between M...
Malicious Python Package Mimics Parsimonious Parser
A sophisticated typosquatting attack targeting Python developers through a malicious package named “parsimonius” on the Python Package Index (PyPI). The rogu...