Published on: 2025-06-07 08:00:00
In the near future one hacker may be able to unleash 20 zero-day attacks on different systems across the world all at once. Polymorphic malware could rampage across a codebase, using a bespoke generative AI system to rewrite itself as it learns and adapts. Armies of script kiddies could use purpose-built LLMs to unleash a torrent of malicious code at the push of a button. Case in point: as of this writing, an AI system is sitting at the top of several leaderboards on HackerOne—an enterprise bug
Keywords: ai code like llms malicious
Find related items on AmazonPublished on: 2025-06-09 00:29:46
Mozilla has developed a new security feature for its add-on portal that helps block Firefox malicious extensions that drain cryptocurrency wallets. According to a recent blog post, Mozilla's new security system creates risk profiles for each submitted wallet extension and triggers automated risk alerts if a pre-defined threshold is exceeded. These alerts will prompt human reviewers to take a closer look and remove malicious extensions from the store before they're used to drain more victims' c
Keywords: crypto extensions malicious wallet wallets
Find related items on AmazonPublished on: 2025-06-13 00:55:30
Joe Maring / Android Authority TL;DR Google is beginning to introduce the Advanced Protection mode feature to users on Android 16 QPR1 Beta 1. Advanced Protection is a one-click toggle for enhanced security measures on the entire device, including theft protection, network security, app restrictions, and more. Once Advanced Security is enabled, individual settings cannot be adjusted. Sometimes your worst enemy is yourself. Or maybe you just want some extra protection on your device to keep y
Keywords: advanced device malicious protection security
Find related items on AmazonPublished on: 2025-06-13 16:43:00
rob dobi/Getty Images A couple of weeks ago, I had the opportunity to use Google's Jules AI Agent to scan through the entire code repository of one of my projects and add a new feature. The AI took about 10 minutes. All told, it took under 30 minutes to use the AI, review its changes, and ship the new feature. At the time, I was wildly impressed. The more I've thought about it, the more worried I've become. Also: 96% of IT pros say AI agents are a security risk, but they're deploying them any
Keywords: access ai code lines malicious
Find related items on AmazonPublished on: 2025-06-28 18:13:34
A Google Chrome Web Store campaign uses over 100 malicious browser extensions that mimic legitimate tools, such as VPNs, AI assistants, and crypto utilities, to steal browser cookies and execute remote scripts secretly. The extensions offer some of the promised functionality, but also connect to the threat actor's infrastructure to steal user information or receive commands to execute. Additionally, the malicious Chrome extensions can modify network traffic to deliver ads, perform redirections,
Keywords: chrome com extensions malicious vpn
Find related items on AmazonPublished on: 2025-07-24 23:13:16
A supply-chain attack targets Linux servers with disk-wiping malware hidden in Golang modules published on GitHub. The campaign was detected last month and relied on three malicious Go modules that included “highly obfuscated code” for retrieving remote payloads and executing them. Complete disk destruction The attack appears designed specifically for Linux-based servers and developer environments, as the destructive payload - a Bash script named done.sh, runs a ‘dd’ command for the file-wipi
Keywords: data github linux malicious modules
Find related items on AmazonPublished on: 2025-08-01 12:08:33
AI-generated computer code is rife with references to non-existent third-party libraries, creating a golden opportunity for supply-chain attacks that poison legitimate programs with malicious packages that can steal data, plant backdoors, and carry out other nefarious actions, newly published research shows. The study, which used 16 of the most widely used large language models to generate 576,000 code samples, found that 440,000 of the package dependencies they contained were “hallucinated,” m
Keywords: code hallucinations malicious package software
Find related items on AmazonPublished on: 2025-08-05 09:15:43
AI-generated computer code is rife with references to non-existent third-party libraries, creating a golden opportunity for supply-chain attacks that poison legitimate programs with malicious packages that can steal data, plant backdoors, and carry out other nefarious actions, newly published research shows. The study, which used 16 of the most widely used large language models to generate 576,000 code samples, found that 440,000 of the package dependencies they contained were “hallucinated,” m
Keywords: code existent malicious package software
Find related items on AmazonPublished on: 2025-08-08 08:35:00
The cybersecurity world is full of jargon and lingo. At TechCrunch, we have been writing about cybersecurity for years, and we frequently use technical terms and expressions to describe the nature of what is happening in the world. That’s why we have created this glossary, which includes some of the most common — and not so common — words and expressions that we use in our articles, and explanations of how, and why, we use them. This is a developing compendium, and we will update it regularly.
Keywords: access data hackers malicious security
Find related items on AmazonPublished on: 2025-08-13 16:02:12
Phishing attacks remain a huge challenge for organizations in 2025. In fact, with attackers increasingly leveraging identity-based techniques over software exploits, phishing arguably poses a bigger threat than ever before. With MFA-bypassing phishing kits the new normal, capable of phishing accounts protected by SMS, OTP, and push-based methods, detection controls are being put under constant pressure as prevention controls fall short. A key challenge with phishing detection is that based on
Keywords: attacks email malicious page phishing
Find related items on AmazonPublished on: 2025-08-19 20:44:40
The Interlock ransomware gang now uses ClickFix attacks that impersonate IT tools to breach corporate networks and deploy file-encrypting malware on devices. ClickFix is a social engineering tactic where victims are tricked into executing dangerous PowerShell commands on their systems to supposedly fix an error or verify themselves, resulting in the installation of malware. Though this isn't the first time ClickFix has been linked to ransomware infections, confirmation about Interlock shows an
Keywords: clickfix interlock malicious ransomware sekoia
Find related items on AmazonPublished on: 2025-08-22 14:00:21
Damn Vulnerable Model Context Protocol (DVMCP) A deliberately vulnerable implementation of the Model Context Protocol (MCP) for educational purposes. Overview The Damn Vulnerable Model Context Protocol (DVMCP) is an educational project designed to demonstrate security vulnerabilities in MCP implementations. It contains 10 challenges of increasing difficulty that showcase different types of vulnerabilities and attack vectors. This project is intended for security researchers, developers, and
Keywords: challenges malicious mcp project tool
Find related items on AmazonPublished on: 2025-08-24 00:43:00
In context: Prompt injection is an inherent flaw in large language models, allowing attackers to hijack AI behavior by embedding malicious commands in the input text. Most defenses rely on internal guardrails, but attackers regularly find ways around them – making existing solutions temporary at best. Now, Google thinks it may have found a permanent fix. Since chatbots went mainstream in 2022, a security flaw known as prompt injection has plagued artificial intelligence developers. The problem
Keywords: camel language malicious models untrusted
Find related items on AmazonPublished on: 2025-09-11 00:17:13
A technique that hostile nation-states and financially motivated ransomware groups are using to hide their operations poses a threat to critical infrastructure and national security, the National Security Agency has warned. The technique is known as fast flux. It allows decentralized networks operated by threat actors to hide their infrastructure and survive takedown attempts that would otherwise succeed. Fast flux works by cycling through a range of IP addresses and domain names that these bot
Keywords: actors domain flux malicious records
Find related items on AmazonPublished on: 2025-09-14 08:46:50
A cascading supply chain attack on GitHub that targeted Coinbase in March has now been traced back to a single token stolen from a SpotBugs workflow, which allowed a threat actor to compromise multiple GitHub projects. The popular static analysis tool SpotBugs was breached in November 2024, leading to the compromise of Reviewdog, which subsequently led to the infection of tj-actions/changed-files. The multi-step supply chain attack eventually exposed secrets in 218 repositories, while the late
Keywords: actions attack attacker chain malicious
Find related items on AmazonPublished on: 2025-09-20 20:06:04
Hackers are utilizing the WordPress mu-plugins ("Must-Use Plugins") directory to stealthily run malicious code on every page while evading detection. The technique was first observed by security researchers at Sucuri in February 2025, but adoption rates are on the rise, with threat actors now utilizing the folder to run three distinct types of malicious code. "The fact that we've seen so many infections inside mu-plugins suggests that attackers are actively targeting this directory as a persis
Keywords: code malicious mu page plugins
Find related items on AmazonPublished on: 2025-09-21 02:20:38
The cr.yp.to blog 2014.02.05: Entropy Attacks! The conventional wisdom says that hash outputs can't be controlled; the conventional wisdom is simply wrong. The conventional wisdom is that hashing more entropy sources can't hurt: if H is any modern cryptographic hash function then H(x,y,z) is at least as good a random number as H(x,y), no matter how awful z is. So we pile one source on top of another, hashing them all together and hoping that at least one of them is good. But what if z comes f
Keywords: entropy malicious random randomness source
Find related items on AmazonPublished on: 2025-09-24 16:22:41
Ten npm packages were suddenly updated with malicious code yesterday to steal environment variables and other sensitive data from developers' systems. The campaign targeted multiple cryptocurrency-related packages, and the popular 'country-currency-map' package was downloaded thousands of times a week. The malicious code was discovered by Sonatype researcher Ali ElShakankiry and is found in two heavily obfuscated scripts, "/scripts/launch.js" and "/scripts/diagnostic-report.js," which execute
Keywords: downloads malicious npm packages version
Find related items on AmazonPublished on: 2025-09-25 16:43:38
WhataWin/Getty Images On March 10, X experienced multiple outages, with tens of thousands of users reporting the social site was down for them. Later that day, after multiple failures, X came back online. What caused this? While the pro-Palestinian hacking collective known as Dark Storm Team claimed responsibility on Telegram for a distributed denial of service (DDoS) attack against X, we can't be sure they're responsible. Also: Microsoft's new AI agents aim to help security pros combat the l
Keywords: attack attacks ddos malicious traffic
Find related items on AmazonPublished on: 2025-09-27 07:53:47
Unlike some other public repositories, the npm package repository is never really quiet. And, while there has been some decline in malware numbers between 2023 and 2024, this year's numbers don’t seem to continue that downward trend. Still, while RL has detected some interesting npm malware so far this year, none of it warranted a detailed writeup. Then March rolled around, and two very interesting packages were published on npm: ethers-provider2 and ethers-providerz. These were simple downlo
Keywords: ethers malicious npm package provider2
Find related items on AmazonPublished on: 2025-10-03 23:16:09
A new phishing campaign is targeting SEO professionals with malicious Semrush Google Ads that aim to steal their Google account credentials. Malwarebytes researcher Jerome Segura and SEO strategist Elie Berreby believe that the threat actor is after Google Ads accounts that would enable them to create new malvertising campaigns. This type of “cascading fraud” has been gaining traction recently, as Malwarebytes uncovered in January a similar operation where fake Google Ads hosted on Google Site
Keywords: ads campaign google malicious semrush
Find related items on AmazonPublished on: 2025-10-14 06:19:29
Cybercriminals are promoting malicious Microsoft OAuth apps that masquerade as Adobe and DocuSign apps to deliver malware and steal Microsoft 365 accounts credentials. The campaigns were discovered by Proofpoint researchers, who characterized them as "highly targeted" in a thread on X. The malicious OAuth apps in this campaign are impersonating Adobe Drive, Adobe Drive X, Adobe Acrobat, and DocuSign. Malicious OAuth apps Source: Proofpoint These apps request access to less sensitive permiss
Keywords: apps malicious microsoft oauth proofpoint
Find related items on AmazonPublished on: 2025-10-12 03:00:00
Microsoft is warning that an ongoing phishing campaign impersonating Booking.com is using ClickFix social engineering attacks to infect hospitality workers with various malware, including infostealers and RATs. The campaign started in December 2024 and continues today, targeting employees at hospitality organizations such as hotels, travel agencies, and other businesses that use Booking.com for reservations. The threat actors' goal is to hijack employee accounts on the Booking.com platform and
Keywords: booking clickfix com malicious microsoft
Find related items on AmazonPublished on: 2025-10-20 15:51:00
In a nutshell: A new cyber threat tactic has emerged, leveraging social engineering to trick users into infecting their own systems with malware. Recently highlighted by Malwarebytes, this method disguises malicious tools as CAPTCHA requests. In reality, these files – often media or HTML-based – are designed to steal personal information or function as remote access trojans. The attack typically begins when visitors to a website are prompted to verify they are not robots, a common practice that
Keywords: command malicious malware verification websites
Find related items on AmazonPublished on: 2025-10-21 14:42:19
Six malicious packages have been identified on npm (Node package manager) linked to the notorious North Korean hacking group Lazarus. The packages, which have been downloaded 330 times, are designed to steal account credentials, deploy backdoors on compromised systems, and extract sensitive cryptocurrency information. The Socket Research Team discovered the campaign, which linked it to previously known Lazarus supply chain operations. The threat group is known for pushing malicious packages i
Keywords: code malicious malware package packages
Find related items on AmazonPublished on: 2025-10-29 09:11:16
A malicious Python Package Index (PyPI) package named "set-utils" has been stealing Ethereum private keys through intercepted wallet creation functions and exfiltrating them via the Polygon blockchain. The package disguises itself as a utility for Python, mimicking the popular "python-utils," which has over 712 million downloads, and "utils," which counts over 23.5 million installs. Researchers from the developer cybersecurity platform Socket discovered the malicious package and reported that
Keywords: ethereum malicious package stolen utils
Find related items on AmazonPublished on: 2025-10-29 22:19:53
A newly devised "polymorphic" attack allows malicious Chrome extensions to morph into browser extensions, including password managers, crypto wallets, and banking apps, to steal sensitive information. The attack was devised by SquareX Labs, which warns of its practicality and feasibility on the latest version of Chrome. The researchers have responsibly disclosed the attack to Google. Shape-shifting Chrome extensions The attack begins with the submission of the malicious polymorphic extension
Keywords: chrome extension extensions malicious squarex
Find related items on AmazonPublished on: 2025-11-03 14:17:18
A previously undocumented polyglot malware is being deployed in attacks against aviation, satellite communication, and critical transportation organizations in the United Arab Emirates. The malware delivers a backdoor called Sosano, which establishes persistence on the infected devices and allows the attackers to execute commands remotely. The activity was discovered by Proofpoint in October 2024, which states that the attacks are linked to a threat actor named 'UNK_CraftyCamel.' While the cam
Keywords: archive file malicious pdf proofpoint
Find related items on AmazonPublished on: 2025-11-05 06:06:50
Kaspersky Global Research & Analysis Team (GReAT) discovered hundreds of open source repositories with multistaged malware targeting gamers and cryptoinvestors within a new campaign that was dubbed by Kaspersky as GitVenom. The infected projects include an automation instrument for interacting with Instagram accounts, a Telegram bot that enables the remote management of Bitcoin wallets and a crack tool to play the Valorant game. All of this alleged project functionality was fake, and cybercrimin
Keywords: code kaspersky malicious repositories research
Find related items on AmazonPublished on: 2025-11-14 23:10:49
Microsoft has removed two popular VSCode extensions, 'Material Theme – Free' and 'Material Theme Icons – Free,' from the Visual Studio Marketplace for allegedly containing malicious code. The two extensions are very popular, having been downloaded nearly 9 million times in total, with users now receiving alerts in VSCode that the extensions have automatically been disabled. The publisher, Mattia Astorino (aka equinusocio), has multiple extensions on the VSCode marketplace, totaling over 13 mil
Keywords: code extensions malicious microsoft theme
Find related items on AmazonGo K’awiil is a project by nerdhub.co that curates technology news from a variety of trusted sources. We built this site because, although news aggregation is incredibly useful, many platforms are cluttered with intrusive ads and heavy JavaScript that can make mobile browsing a hassle. By hand-selecting our favorite tech news outlets, we’ve created a cleaner, more mobile-friendly experience.
Your privacy is important to us. Go K’awiil does not use analytics tools such as Facebook Pixel or Google Analytics. The only tracking occurs through affiliate links to amazon.com, which are tagged with our Amazon affiliate code, helping us earn a small commission.
We are not currently offering ad space. However, if you’re interested in advertising with us, please get in touch at [email protected] and we’ll be happy to review your submission.