Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...
SecurityWeek

Vulnerability Allowed Hijacking Chrome’s Gemini Live AI Assistant

A Chrome vulnerability allowed malicious extensions to hijack the browser’s Gemini Live assistant to spy on users and ...
InfoWorld

Three web security blind spots in mobile DevSecOps pipelines

Mobile platforms operate under fundamentally different trust assumptions than we relied on for web security. Your mobile ...
Decrypt

We Talked to an AI Trained on Jeffrey Epstein’s Emails. Here's What It Said

Someone fine-tuned an AI on the Jeffrey Epstein email dump. We ran it locally. It called us "goyim" and invited us to a party ...

How Deepfakes and Injection Attacks Are Breaking Identity Verification

Deepfakes and injection attacks are targeting identity verification moments, from onboarding to account recovery. Incode explains why enterprises must validate the full session—media, device integrity ...
InfoQ

OpenAI Codex-Spark Achieves Ultra-Fast Coding Speeds on Cerebras Hardware

In a major shift in its hardware strategy, OpenAI launched GPT-5.3-Codex-Spark, its first production AI model deployed on ...
SecurityWeek

OpenClaw Vulnerability Allowed Malicious Websites to Hijack AI Agents

An OpenClaw vulnerability allowed malicious websites to take over AI agents, exposing sensitive information and enabling data ...