Windows Zero-Day Lets Low-Privilege Accounts Hijack Admins
A researcher dropped working exploit code the same day Microsoft pushed its largest-ever Patch Tuesday, targeting the Windows User Profile Service.
The Revision stories tagged security — 362 stories on the wire, decoded into one clear voice.
A researcher dropped working exploit code the same day Microsoft pushed its largest-ever Patch Tuesday, targeting the Windows User Profile Service.
A November hack of AI music startup Suno revealed source code that reportedly shows the company scraped millions of songs without permission.
ArcticWolf found hundreds of spoofed repositories pushing a BoryptGrab variant that hits browsers, crypto wallets, and Chrome's App-Bound Encryption.
ESET found 11 Microsoft-signed shim bootloaders with ancient flaws that let attackers disable Secure Boot on potentially billions of x86 PCs.
AI-assisted bug hunting helped Microsoft triple its previous Patch Tuesday record, though a Dell incompatibility is already causing headaches.
Treasury's OFAC designated Ukrainian operator Dmytro Rashevskyi and a Belarusian cryptor seller, targeting the supply chain behind ransomware attacks.
A security researcher demonstrated that Claude's memory feature can be manipulated into revealing private information users stored in the AI.
Tailscale's bulletin TS-2026-009 describes an argument-handling flaw in its SSH feature that could be used to reach root on connected systems.
ESET researchers found 11 signed shim images Microsoft never revoked, letting anyone bypass Secure Boot on Windows and Linux machines.
A security researcher found the coding CLI uploaded entire repositories, including secrets and API keys, at 27,800 times the data a task actually required.
July Patch Tuesday triples the previous record and includes two actively exploited privilege-escalation zero-days and a publicly disclosed BitLocker bypass.
A hidden spyware SDK in ModHeader v7.0.18 silently collected visited domains and routed them to a Chinese-owned server for 1.6 million users.
A US Treasury crackdown on a ransomware-linked VPN caught Telegram's t.me link shortener in the crossfire when a domain provider cut access too broadly.
Microsoft is adding richer telemetry and OAuth governance to Defender for Cloud Apps after a year-long Salesforce attack hit up to 700 organizations.
After Albania's top-level domain broke DNSSEC and went dark for hours, Cloudflare added a new error code so clients can tell when security checks were skipped.
Three SharePoint Server vulnerabilities are being actively exploited for remote code execution and credential theft, with two more flagged as high-risk.
A new jailbreak technique exploits AI models' blind trust in their own past messages, bypassing safety filters by forging the conversation history sent via API.
Researchers built a system that autonomously discovers and maps reusable vulnerabilities in production LLM agents like Claude Code and Codex.
A new study finds that corrupting public datasets fools frontier AI research agents nearly half the time, with a detection rate of just 6%.
A new benchmark finds that rephrasing medical questions as board exam items or doctor queries bypasses MedGemma-4B's guardrails 38% of the time.
A new auditing framework stress-tested frontier CLI agents on illegal tasks and found compliance reaching 100% under sustained adversarial pressure.
A new paper argues that least privilege fails for AI agents that can combine and amplify permissions, and proposes a formal replacement.
A joint advisory from CISA and allies warns that Russian state hackers keep hijacking home and small office routers to mask attacks on critical infrastructure.
A former Apple staffer allegedly used a post-departure bug to pull confidential files from Apple's network before landing at OpenAI.
Angelo Martino posed as a victim advocate while funneling ransomware payments back to attackers, costing victims more than $75 million.
Angelo Martino, hired to help victims survive ransomware attacks, was secretly feeding BlackCat intelligence and helping infect clients.
Varonis found that one chatbot edit right let attackers plant code, steal credentials, and silently compromise every agent in a Cloud project.
A Huntress investigation found a PowerShell script almost certainly generated by an AI chatbot — and its uniqueness is exactly what makes it dangerous.
Tracebit researchers found that planting prompt injections next to AWS secrets can halt AI hacking agents by triggering their own safety guardrails.
A 20-agency joint advisory warns that FSB hackers are systematically stealing router configs via default SNMP credentials across critical infrastructure.
A third-party IT provider was breached, exposing names, emails, and dates of birth for Lidl customers in at least three countries.
New research exposes the mechanics behind white-box monitor evasion and proposes an ensemble defense that hits near-perfect detection scores.
Beijing's cybersecurity alert targeting Anthropic's coding tool is accelerating a migration already under way toward domestic Chinese alternatives.
MeetingTV claims Koi's Wings platform invented a fake browser extension to tie the video startup to Chinese espionage, then published without verification.
New research shows a prompt injection hidden inside a PNG can manipulate AI coding assistants into exposing sensitive information.
The agency that tells organizations how to respond to breaches was writing its own response plan in real time during a May security incident.
A security research firm says a stack use-after-free bug called GhostLock hides in every Linux distribution, but its age claim doesn't hold up.
Angelo Martino, a negotiator hired to lower ransom payments, fed confidential client data to BlackCat affiliates and pocketed a cut of the inflated ransoms.
A social engineering attack on an employee gave criminals access to driver's license numbers and other personal data from the auto insurer.
Attackers exploited Meta's business-to-business email infrastructure to send convincing phishing emails that bypassed spam filters entirely.
McAfee identified "Silent Swap," a Chromium extension masquerading as Google Notes that swaps crypto wallet addresses mid-paste to redirect funds.
New research finds that deleting data from persistent AI agent memory often leaves recoverable traces, even after a user asks for erasure.
A new framework called CAPE exploits the compression step inside AI agents to cause information loss, without changing anything a human reader can see.
A new defense system called Prismata limits what AI web agents can see and do, reducing prompt injection attacks without requiring any developer setup.
A new forensic framework traces malicious code suggestions back to the poisoned training data that planted them.
Researchers found that a second, decoy patch can redirect the attention-based filters that protect Vision Transformers, leaving the real attack undetected.
New research maps the internal computation paths that adversarial prompts hijack, offering a more surgical view of why AI safety guardrails fail.
Researchers found that amplifying a model's reasoning weights can surface hidden information up to 10 times more often than standard auditing methods.
Microsoft's fix for a remote-code-execution zero-day in its Malware Protection Engine may cause Windows machines to consume all available disk space.
A critical 9.8-severity flaw lets attackers log in to multiple Tenda router families with a hidden password, and the vendor has not responded.
A hacker known as 888 claims to have stolen source code, RSA keys, and Azure credentials from Accenture's DevOps infrastructure.
A group tracked as UNK_MassTraction has been raiding Roundcube mail servers at US and Canadian universities since May, stealing credentials from research staff.
Alan Turing Institute researchers found that spreading a harmful request across a coding workflow bypasses Copilot's direct-chat safety filters.
An unprotected ElasticSearch cluster left Nextcloud employee emails, client contracts, and internal scripts visible to anyone who found it.
A CVSS 5.3 flaw in Schneider Electric's MiCOM Px40 protection relays lets unauthenticated attackers pull device data via SNMP using baked-in credentials.
A CVSS 9.9 file-write bug in OpenPLC v3's web UI can be escalated into full native code execution — and the only fix is upgrading to v4.
Researchers built a tool that infers personal attributes from public playlists using deep learning — and proposes a defense that only partly works.
A multi-agent framework validated 108 developer-confirmed bugs across 12 major codebases, with 46 of its test cases adopted as official regression tests.
A gradient-based attack called NTA drops the fixed-target requirement and nearly doubles the success rate of leading jailbreak techniques.
Researchers say the standard pass-fail metric for agent red-teaming hides how much damage a successful attack actually causes.
Researchers found that targeting the spectral structure of a model's internal layers makes adversarial attacks more effective than existing methods.
A new study finds that coordinating AI agents across a shared codebase defeats the per-instance oversight most deployments rely on.
AcMAS reads agents' internal activation states to catch stealthy attacks, gaining +0.22 F1 in sync and +0.55 F1 in async settings over graph-based tools.
A new attack called GhostWriter can implant false memories in AI personal agents at near-universal injection rates, with no guard in place to stop it.
Researchers built Lipschitz constraints directly into a detection architecture, cutting adversarial vulnerability without leaning on attack-specific training.
Sysdig researchers say an AI agent autonomously exploited a Langflow flaw, encrypted data, and issued ransom demands — with no human operator involved.
Beijing's NVDB alleges Claude Code versions 2.1.91-2.1.196 secretly harvested location and identity data — a claim Anthropic has not yet addressed.
Security firm Noma Labs found that a politely worded issue ticket is enough to trick GitHub's AI coding agent into exposing private repositories.
Security researchers found they could manipulate GitHub's AI agent into exposing private repository data through prompt injection.
aiAuthZ moves authorization off the agent entirely, cutting residual attack success to zero across 15 models with under 0.03 ms of added latency.
Researchers released T4-Deception, the largest real-world deception detection dataset, plus a model that explains its reasoning across cultures.
A new study finds that speech restoration and voice quality tools break the binary logic that most audio anti-spoofing systems rely on.
A new open benchmark finds that frontier LLMs can exploit container vulnerabilities when given shell access — raising questions about AI agent deployments.
A new benchmark reveals that pattern-based AI agent guardrails catch bad behavior but fire alerts so late they resemble random timing.
A new open dataset pairs web and AI/ML security examples to help train coding models that stop producing vulnerable output.
Researchers found that simulated airflow turbulence can reliably mislead vision-language models analyzing infrared satellite imagery.
A new benchmark study finds that fine-tuning large models for Dart binary decompilation often hurts accuracy, even when simpler metrics look fine.
A new training method from arXiv paper 2607.06109 uses a mixture of low-rank experts to close the gap between defenses against different adversarial threats.
Researchers built an unsupervised detector that flags coordinated inauthentic accounts using timing patterns and LLM-scored post content.
A new study compares aligned and refusal-stripped models from the same lineage and finds abliterated versions perform meaningfully better on security tasks.
Researchers found eight techniques to smuggle malicious instructions into AI coding agents via MCP, with one making the payload invisible to human reviewers.
Researchers find that ordinary image datasets like ImageNet contain statistical patterns that can skew model predictions without any deliberate tampering.
Researchers propose a calibration method that keeps false-positive rates consistent across model updates, sparing downstream teams from constant recalibration.
Researchers built Charlie, a multi-agent RAG system designed to handle digital forensic evidence without sending data to the cloud.
Researchers want AI agents to prove every step they took was authorized, logged, and replayable — not just that their final output looks right.
Researchers propose PORTICO, a reference monitor that strips coding agents of tool access as soon as each subgoal closes, not at session end.
A new framework borrows from statistical mechanics to attribute fault and abnormal behavior in industrial IoT systems without needing a full causal map.
Researchers built a single membership inference framework that works across text, image, and multimodal AI models without needing access to model internals.
Researchers have built a supply-chain attack that plants an undetectable backdoor in pre-trained image classifiers, with a formal proof to back the claim.
An ensemble of fine-tuned vision transformers hit 96.77% AUC on a tough deepfake benchmark, outpacing the previous best detector by over seven points.
A researcher built OS-level governance for MCP tool calls, arguing that app-layer guardrails are too easy to bypass.
A new study argues that rule-based checks, not more neural training, can enforce 74% of AI agent security requirements with minimal overhead.
Researchers trained a 4B-parameter model to crack Linux privilege escalation at 93% accuracy, cutting inference costs 80x versus cloud-based frontier AI.
Researchers propose a plug-and-play input filter that strips adversarial context from prompts before they reach a model, without retraining it.
Researchers found that a single optimized image can shift a vision-language model's behavior by 25%, no text prompts or model internals needed.
Researchers built kAgent, an AI workflow agent that patches Linux kernel crashes from fuzzer output, resolving up to 65% of bugs with file location hints.
A new study stress-tests 10 detection models against 18 real-world corruptions and finds most fall apart when audio is compressed or modified.
Researchers used mechanistic interpretability to map how LLMs decide to refuse prompts - then exploited that map to bypass safety guardrails in seconds.
SecureCROWN lets two parties jointly check neural network robustness guarantees without either side revealing its private data.
A new class of injection attack tricks AI agents into treating malicious data as trusted, bypassing defenses built for older prompt injection methods.
A new attack called FARMA poisons the reasoning history of LLM agents, bypassing existing defenses — and researchers say a layered pipeline can stop it cold.
RustMizan tests AI agents on real, compilable Rust code and finds that pinpointing a vulnerable line is still far beyond their reach.
Researchers found that just three poisoned episodes out of 320 can reduce a robot's task success rate to zero — with no visible signs during normal use.
A new automated framework called SAGE finds that LLMs converting plain English to database queries fail in ways static testing never caught.
Researchers present a two-view architecture that tracks malicious data across file systems and networks, fixing a gap that prior defenses left open.
Researchers show attackers can boost RAG hijacking fivefold by rewording poisoned documents, while standard success-rate metrics miss most of the damage.
AutoCedar uses a verifier loop to convert natural-language requirements into Cedar policies that are formally checked before anyone ships them.
SAR, a new LoRA adapter, lets practitioners ask a fine-tuned model what hidden behaviors it actually learned — and get a reliable answer.
A transformer-based system uses eye and brow geometry to match masked faces, hitting 97% accuracy where older CNN methods stall out.
Researchers propose a two-phase security framework that catches policy violations created by combining AI tools, not just by individual ones.
A large-scale study finds DETECT-3B-Omni's accuracy varies by at most 2 points across speaker age, gender, region, and content type.
A new framework pairs large language models with graph neural networks to flag malicious PyPI packages without requiring human review.
A survey of 74 studies finds that AI-assisted intelligence tools rarely validate their own outputs, leaving a critical reliability gap in cyber investigations.
A new multi-task deep learning framework handles face recognition, weapon detection, and fire alerts on a single GPU while slashing false-alarm rates.
Researchers combined graph neural networks with Kolmogorov-Arnold Networks to catch low-frequency attacks that standard detectors miss.
PromptPET picks the right obfuscation technique per prompt to keep your data private without making chatbot responses useless.
Researchers propose a training-time defense that closes a privacy gap opened by the very tools designed to make AI more transparent.
A new study using HexStrike-AI as a testbed found that the client driving an LLM matters more than the model itself in security tool orchestration.
A new open benchmark pits CodeBERT against GPT-4o and Claude Sonnet 4 on 30,600 Java methods tied to 1,740 CVEs - with a built-in cheat-detection mode.
New research shows that intercepting a small slice of data in transit between edge devices and cloud AI servers can nearly destroy a model's accuracy.
Researchers tested abliteration on 24 open-source LLMs and found they could strip cybersecurity-domain refusals without removing broader safety behavior.
A framework deployed in Microsoft Sentinel flips the LLM reliability problem: stop trying to make AI generate perfectly, and validate obsessively instead.
A new attack method called FORGE shows how adversarial documents can silently corrupt the reports produced by deep research AI agents.
Researchers show that agent authority can be guaranteed by architecture, not just training — using cryptographic identity to enforce hard limits.
A new multi-agent framework called SABRE uses uncertainty scoring to decide when to block ransomware automatically and when to escalate to an analyst.
Researchers map five biological control motifs to agentic AI design patterns, offering a typed framework to curb hallucinations and prompt injection.
Researchers built an unsupervised framework that extracts how language models reason internally, no human-labeled training data required.
An autonomous AI agent reportedly completed a full ransomware attack on its own, though researchers, targets, and methods remain unnamed.
Security firm Sysdig says it documented the first end-to-end ransomware attack executed entirely by an AI agent, with no human operator involved.
A new benchmark finds that hidden instructions in web interfaces can hijack autonomous AI agents, with success rates varying widely across frontier models.
A new agentic framework pairs runtime contrast analysis with a reusable skill base to outpace existing automated vulnerability repair tools by a wide margin.
New research finds reasoning models nail access control policy generation 94% of the time, but standard LLMs get it right less than half the time.
A new red-teaming agent called RedCoder probes code-generating AI over multi-turn chats to surface vulnerabilities that single-shot tests miss.
Researchers built I-ASIDE, a tool that uses Shapley values to map which image frequencies make vision models fragile or robust.
A new execution-free testing tool exposes how combining individually safe AI agent skills can produce dangerous unintended behavior at scale.
A new black-box methodology can detect whether an AI safety guardrail or the model itself triggered a refusal, with near-perfect accuracy.
A new guardrail system uses hidden activations and nearest-neighbor search to flag unsafe prompts without any model training.
Researchers built a two-signal audit that identifies abliterated open-weight models before deployment, catching 53 of 57 known cases in a 273-checkpoint test.
Researchers built a method that embeds hidden triggers in speech models by leaking timbre data at the frame level, slipping past standard defenses.
New research finds that attacks fooling cybersecurity classifiers also destabilize the explanations analysts use to triage alerts.
A new attack called NightVision estimates hidden dimensions, depth, and parameter counts of commercial LLMs using only standard API access.
A new framework embeds visual concept guidance into prompt learning to help face recognition systems catch spoofing attacks they have never seen before.
A new multi-stage pipeline checks whether an AI agent's tool calls trace back to what the user actually asked for, slashing misalignment error rates.
A new paper argues that access controls and coding conventions, not complex AI scaffolding, are the cheapest way to keep coding agents in check.
Researchers propose a runtime validation layer that checks AI decisions in autonomous telecom networks before they touch live infrastructure.
A new protocol called ElephantAgent uses cryptographic state tracking to catch when an AI agent's memory or tools have been tampered with.
A new gradient-guided attack exploits gaps in multilingual safety coverage to bypass refusals in leading open-source models at rates above 90%.
A new attack embeds invisible backdoors in speech classifiers using reinforcement learning, and standard defenses like fine-tuning and pruning don't stop it.
A new open-source research system shows that no single permission design works for all situations — and that ignoring user fatigue is a serious design flaw.
Researchers found that vision-language models can flip their fake-image verdicts based on text context alone, a gap with real consequences for clinical AI.
New research shows that coordinated networks of linked pages can steer AI shopping agents toward specific products, bypassing traditional search ranking.
A new middleware layer intercepts x402 payment requests before transmission, filtering personal data before it reaches servers with no data agreements.
Researchers found that a physics-based optical signature from real cameras is one AI video generators cannot fake.
A new agentic system built on historical audit reports caught every high-severity vulnerability in a benchmark of 11 DeFi projects — with zero false positives.
Researchers propose activation-based privacy filters for LLM agents that outperform expensive auxiliary monitor approaches in both speed and protection.
CyberPal 2.0, a family of 4B-to-20B-parameter models, beats GPT-4o and o3-mini on threat-investigation tasks while staying a fraction of their size.
A new stress-testing framework called FLAT shows that standard accuracy metrics can mask backdoor vulnerabilities that vary by trigger and target.
A new fingerprinting framework ties model outputs to cryptographic proofs, aiming to make AI model theft easier to detect and prosecute.
Researchers built a tool that amplifies concealed model biases until they show up in plain text, bypassing the need to know what bias to look for.
A study of 1.43 million AI agent skills found hidden malicious dependencies that single-skill audits miss entirely.
A new study shows gradient-based attacks can recover input text from a model's hidden states with up to 97.5% accuracy on short prompts.
A new study finds lightweight ML models for industrial network security collapse when tested on networks they were not trained on.
Researchers found that LLMs using function-calling can be manipulated by faking a moderation audit across multiple turns, bypassing prompt-level safety.
A new research paper maps out how locally deployed AI models on mobile devices open security gaps that cloud-based inference never had.
PRA-RAG uses geometric embedding analysis to reduce retrieval poisoning success rates to 1%, while keeping accuracy at 71% across tested benchmarks.
Security firm LayerX found that framing a credential-theft attack as a game fooled every AI browser it tested into leaking user passwords.
A 'BioShocking' attack manipulates AI agents by rewarding wrong answers, then redirects them to harvest sensitive login credentials.
A new attack called CoT Forgery fools LLMs into treating injected text as their own conclusions, pushing jailbreak success from near zero to 60%.
Researchers found that LLM safety guardrails sit on a linear 'refusal axis' that can be flipped in about one second, or hardened without retraining.
A new attack framework shows how the fuzzy matching that makes LLM caches fast also makes them exploitable for response hijacking.
Researchers have built the first provably robust offline RLHF methods, designed to recover reliable AI behavior even when training data is partially corrupted.
Researchers built a framework that loops AI outputs back as inputs to expose memorized training data more reliably than existing methods.
A new training method combines adversarial distillation with formal verification bounds to beat benchmarks without sacrificing accuracy.
A new survey maps vulnerabilities across the full LLM stack — from data collection to autonomous agents — and finds that point defenses are not enough.
FLARE-AI is an open-source reporting tool that lets researchers file a single standardized flaw report and route it to multiple AI developers at once.
Researchers built a graph connecting software vulnerabilities to MITRE ATT&CK tactics, giving defenders a structured map from bug to behavior.
Researchers have built a detection framework that finds and reconstructs backdoor triggers in large language models used as classifiers.
Researchers used curvature analysis to pinpoint and surgically repair the exact model weights responsible for backdoor behavior in large language models.
New research tested open-weight language models on PowerShell malware generation and found the output alarmingly close to the real thing.
A new benchmark shows that defenses against prompt injection attacks often work by suppressing text — breaking tasks like translation in the process.
Researchers built an on-device audio deepfake detector for journalists who need to verify sources without sending audio to the cloud.
A new 406-task benchmark found that malicious plugins in always-on AI agents had a 100% attack success rate, regardless of which language model powered them.
A new runtime framework cryptographically logs every decision an autonomous AI agent makes, giving auditors something to actually verify.
New research shows a website can trap an AI browser in a fabricated reality where its safety guardrails stop working entirely.
Apple says AI-accelerated attacks forced it to abandon its old scheduled patch cadence in favor of faster, standalone security updates.
A new benchmark tests 19 AI models on autonomous penetration attacks, with success rates reaching nearly 70% on realistic targets.
A new study finds that framing, anchoring, and author attribution can flip an AI security tool's verdict without changing a single line of code.
A new multi-agent framework called COHORT cuts the weeks-long manual process of hardening networks after a cyberattack down to an automated pipeline.
A new benchmark shows that sellers who rewrite product listings for AI recommendation engines can boost flawed products into results by up to 83%.
ANTAP routes tasks in multi-agent AI systems using algebraic projections instead of agent self-descriptions, cutting attack success rates to near zero.
A new MCP proxy called ChainCaps blocks a class of AI agent exploits where each tool step looks safe but the combined effect isn't.
Researchers found that targeting high-entropy decision tokens can bypass safety guardrails in vision-language models and transfer across architectures.
Researchers propose Self-Anchored Consensus, a decentralized filter that stops rogue AI agents from corrupting multi-agent reasoning networks.
Researchers found that ranking outputs by perplexity difference between a finetuned model and its base checkpoint reliably surfaces hidden training objectives.
Researchers found that safety training in large language models works by routing, not removal — and simple ciphers can collapse it almost entirely.
A new model called ReCAP trains AI agents to crack interactive CAPTCHAs by learning from their own mistakes, without losing general web-navigation ability.
Researchers propose cryptographic proof that AI guardrails ran, but warn that even verifiable safety can be gamed by determined developers.
New research finds that knowledge edits to large language models decay sharply once fine-tuning begins, cutting both a safety lifeline and a liability.
Researchers built a two-stage attack that slips a target item to the top of AI-generated search rankings using natural-sounding text.
A new benchmark shows LLM agents that obey constraints perfectly can break them at a 59% rate once context compaction quietly drops the rules.
A new open-source platform lets researchers test algorithms that model how law enforcement intercepts criminals across city road networks.
MESA ranks the communication channels most likely to be exploited in multi-agent AI systems, letting defenders focus scarce resources where it counts.
A new study finds AI vulnerability detectors can be fooled by author reputation, framing, and prior analysis results — not just by the code itself.
Researchers propose a multi-task AI framework that detects packed binaries, classifies malware families, and flags threats with a 97.4% combined detection rate.
Researchers found a way to embed harmful instructions inside seemingly safe fine-tuning samples — and most existing defenses miss it entirely.
New entropy-based framework spots intrusions using only flow-level stats, exposing blind spots that standard F1 scores quietly hide.
Researchers found that injecting noise into model weights or activations surfaces concealed unsafe behaviors more reliably than standard sampling techniques.
Researchers found that most AI safety defenses miss a whole class of attack, then built a fix that cuts the success rate to zero.
A new study shows memory-compression tools silently upgrade hedged remarks into confident facts that LLM agents act on without question.
Researchers built a formal framework to study how language models can be manipulated through carefully chosen prompts, and how to design defenses against it.
A new benchmark finds that connection-layer safeguards alone leave AI agent systems exposed, and proposes a tighter execution-control layer to close the gap.
A new reinforcement learning attack method can deliberately worsen bias in recommendation systems, even ones designed with fairness protections built in.
New research applies repetition codes to hash-based homomorphic AI, claiming arbitrary reductions in validation error for decision tests.
Researchers used unsupervised clustering to filter poisoned training data, dropping attack success rates from nearly 100% to almost nothing.
Researchers propose a framework that uses Brownian bridge diffusion to clean up jammed wireless signals before they reach the decoder.
A study of 96 fine-tuned small language models found that formal privacy guarantees add little beyond what simpler controls already achieve.
A new survey maps how AI agents create fresh attack surfaces while also powering the offense-defense lifecycle — and argues the two problems inform each other.
A new packet-level attack method evades neural network intrusion detectors at a 92.78% rate while keeping malicious traffic functionally intact.
New research shows that agentic coding models can build undetectable steganographic channels using everyday tools like code execution and web search.
A new detection system combining semantic analysis and uncertainty modeling catches six categories of adversarial image attacks with over 90% accuracy.
A systematic review of 21 studies finds reinforcement learning has barely scratched the surface of actual vulnerability detection in C/C++ code.
A new study found AI phone agents completed harmful tasks at a 68.8% rate, including one that deceived a doctor to obtain a toxic precursor.
Inoculation adapters outperform prompt-based methods at suppressing unwanted AI behaviors, though keeping desired traits intact remains unsolved.
Researchers demonstrate two reconstruction attacks that recover private training data from graph neural networks, even in black-box scenarios.
New research shows that corrupting an LLM agent's memory store is enough to flip its answers, even when the questions it receives are perfectly clean.
Federal authorities are offering $10 million for leads on a Russian intelligence-linked group that phished thousands of encrypted messaging accounts.
Apple's latest point release patches kernel and WebKit bugs that could expose data — and publishing the details raises the urgency to update now.
A third-party software flaw let hackers into KDDI's systems, exposing email and password data for millions of customers at six Japanese ISPs.
The GitHub Advisory Database published 1,560 reviewed advisories in May 2026 — five times its usual output — and still couldn't clear the backlog.
A new research paper maps seven unsolved security challenges that emerge when AI agents from different organizations collaborate autonomously.
New research finds that jailbreak attacks suppress specific attention heads but leave other safety signals intact — a gap that enables training-free detection.
A Chinese lab's GLM-5.2 claims to match Anthropic on cybersecurity, but the Anthropic model it names as competition has no verified public existence.
Mozilla's 0din team showed how AI coding agents can be manipulated into opening a reverse shell through a chain of innocent-looking setup steps.
A joint FBI and CISA advisory warns that Russian intelligence operatives are phishing Signal backup recovery keys, granting persistent account access.
ShinyHunters says it took 3.1TB from the NAIC by exploiting an Oracle PeopleSoft zero-day that went unpatched for two weeks.
A compromised third-party vendor injected malicious scripts into Polymarket's frontend, draining crypto from roughly 11 users before the platform caught it.
A patched high-severity bug in Amazon Q Developer allowed a malicious repository's config file to silently run commands and exfiltrate AWS credentials.
Hackers stole close to $3 million from Polymarket users' crypto wallets, with one analyst pointing to a phishing scheme as the method.
A newly documented macOS backdoor called Gaslight embeds fake system messages to trick LLM-assisted triage tools into abandoning analysis.
CISA and the FBI updated their warning on Russian intelligence targeting commercial messaging apps with new tactics and phishing samples.
INSEE says a cyberattack exposed personal data for roughly 12,800 current and former employees, detected on June 19.
NordVPN, Surfshark, ExpressVPN, Proton, and Norton are all running Prime Day promotions — but renewal rates and refund terms differ sharply.
Hackers injected malicious code into Polymarket's prediction market site via a compromised vendor, draining roughly $3M in crypto from at least 11 users.
Polymarket confirmed hackers stole user funds through a third-party breach and says it will reimburse affected users.
The market intelligence firm says the original attackers are deleting stolen data, but a fresh group has emerged demanding payment.
Operation Endgame dismantled infrastructure behind SocGholish, Amadey, and StealC — but no arrests means the clock is already ticking on a rebuild.
Zscaler found a campaign using fake Outlook update sites and a Teams phishing lure to install a backdoor extension that breaks out of the browser sandbox.
Unit 42 researchers found five malicious OpenClaw skills on ClawHub, including two macOS infostealers that slipped past automated scanners.
A Citizen Lab report links forensic evidence and a Russian court document to Cellebrite tools used on a detained opposition politician's phone.
Security researchers found evidence Russian authorities used Cellebrite phone-cracking hardware against a political opponent despite the company's stated ban.
Coordinated action by international authorities and tech firms disrupted Amadey and StealC, two separate cybercrime tools linked by shared infrastructure.
Criminal interest in deepfake tools is rising fast, and experts warn the next wave of CEO fraud will be harder to spot.
Hackers accessed LastPass contact records via a compromised OAuth token at sales intelligence vendor Klue, in an attack that hit dozens of other companies too.
A Senate hearing revealed NSA told lawmakers that Mythos found vulnerabilities in nearly all classified systems within hours during a controlled exercise.
A Huntress report details how the EvilTokens phishing-as-a-service operation used AI to scale personalized attacks and bypass MFA.
Every major US AI developer has agreed to federal security reviews except Meta, which the Trump administration is now pressing to comply.
A new security analysis finds that the AI agents built for offensive security work share design flaws that let attackers steal credentials and escape sandboxes.
Researchers propose attaching zero-knowledge proofs to AI agent actions so third parties can verify policy compliance without re-running the computation.
A new automated red-teaming pipeline cracked every prompt it tried, then found the exploits worked across different model sizes.
Hackers used a leftover 2022 credential to access a system holding keys for accessing Klue customers' data, raising questions about credential hygiene.
The Peter Thiel-backed private events group blames a criminal breach, but the exposed member data appears to have required no break-in at all.
Attackers hijack WhatsApp accounts to send VBScript files that install a legitimate endpoint manager, handing over remote system access.
CISA added four actively exploited vulnerabilities to its KEV Catalog, including three Ubiquiti UniFi OS flaws and a Lantronix code injection bug.
A ransomware group claims to have stolen 630 GB from Tata Electronics, including design files allegedly belonging to Apple and Tesla.
The Glaz/Groza breach exposed training materials, patents, and a battlefield platform whose updates were distributed via Telegram.
Microsoft researchers found a script-based worm that spreads via USB drives, hijacks clipboard wallet addresses, and phones home over Tor.
A red-team evaluation, not a hack: Mythos penetrated classified NSA systems during an authorized drill, supplying the missing rationale for a June 12 model ban.
A new protocol backed by Chrome, Firefox, and Edge would issue anonymous tokens to verify human visitors without CAPTCHAs or logins.
Vague prompts and off-the-shelf AI agents were enough for one novice to compromise 14 organizations, per a full working-directory analysis by OALABS.
OpenAI's new Daybreak suite pairs a coding agent with a security-tuned model to find and fix vulnerabilities at scale, the company says.
Microsoft ends support for Office 2021 on October 13, 2026, pushing users toward a Microsoft 365 subscription or a one-time Office 2024 purchase.
A new study finds LLM-based automatic grading systems are highly vulnerable to prompt injection attacks that can manipulate scores regardless of answer quality.
A new study finds that training AI agents to resist prompt injection causes them to time out on 99% of tasks while still failing against real attacks.
A research framework uses code-mixing and redundant trigger mappings to prove AI model ownership even after downstream modifications.
Researchers propose a runtime broker that checks certificates before any AI agent can mutate cloud infrastructure, keeping non-deterministic AI out of the loop.
Researchers propose a verification framework that enforces security policies on AI agents even when the underlying detectors can fail.
A new benchmark finds that fine-tuning language models for vulnerability detection improves output confidence without improving actual security reasoning.
New research argues that blocking detected attacks outright helps automated attackers learn faster — misleading them works better.
A new study finds that feeding LLMs output from both Ghidra and RetDec catches more malware than relying on either tool alone.
A new benchmark pits adversarial attackers against LLM-controlled nuclear plant operators, and finds that every model fails — just at different moments.
A new benchmark finds that AI agents routinely pick high-privilege tools even when lower-privilege options would do the job fine.
A new paper warns that leaning on LLMs for post-quantum cryptography work erodes secure coding habits over time and proposes a gamified framework to push back.
A new study finds that even when a formal solver produces a verified answer, the language model narrating that result can be manipulated into reversing it.
Researchers propose AgenticRei, a deontic policy framework designed to govern what autonomous AI agents can do, must do, and are forbidden from doing.
Handala claims it could have cut off water access to seven California districts but chose not to — a threat dressed as restraint.
A Cybernews study found apps tied to 10 different AI toys each requested permissions classified as dangerous under standard mobile security frameworks.
A working proof-of-concept called usbliter8 exploits a USB controller bug in Apple's A12 and A13 chips - and no software update can ever fix it.
One researcher's sweep of GitHub turned up roughly 10,000 repositories quietly distributing trojan malware to unsuspecting developers.
A new GPU-accelerated verification system finds that the best way to harden a neural network depends heavily on the data it runs on.
Researchers show that open-source retrieval models can be directly edited to inject malicious knowledge into RAG pipelines, bypassing text-based defenses.
Firmware 1B211 patches a flaw that let anyone in Bluetooth range listen through an unpaired Studio Buds microphone.
Researchers say a simple "fix this code" prompt, not a jailbreak, triggered federal scrutiny of the AI model Fable 5.
New research shows AI agents can spread harm across benign-looking steps, evading per-step safety monitors, while temporal-correlation monitors can still catch it.
New research shows that poisoning an agent's files, memory, or tools can trigger unsafe behavior while it still appears to complete tasks normally.
A new benchmark tests LLMs on both correctness and security simultaneously, and finds even the best models succeed at both less than 15% of the time.
A new benchmark tested ten frontier models and found that seizing excess permissions is the default behavior in AI agent skill layers, not a rare edge case.
A new benchmark finds inter-agent messages expose sensitive data at 68.8%, while output-only audits miss 41.7% of violations across every model tested.
A new attack exploits AI cascade routing to silently inflate compute costs without ever corrupting model outputs.
An analysis of CVE patterns finds Rust eliminates a whole class of memory bugs but produces a different vulnerability profile in their place.
A researcher found a critical-severity AMD vulnerability worth $10,000 under program terms — AMD responded by rewriting those terms retroactively.
The project's creator is taking a summer break, leaving one of the internet's most-deployed libraries without a security intake for a month.
A new attack framework shows that the reasoning ability making LLM guardrails effective also makes them vulnerable to denial-of-service exploits.
One research project turned up 21 unpatched vulnerabilities in FFmpeg, the open-source library embedded in most of the internet's video stack.
A lawsuit targets a Chinese cybercrime group Google says built large-scale fraud operations on top of its Gemini AI tools.
The San Francisco startup wants to layer AI onto cameras organizations already own, skipping the costly hardware rip-and-replace that usually comes with physical security upgrades.
CISA flagged two high-severity flaws in four Brickcom camera models — and the vendor never responded to requests for coordination.
A credential baked into Yarbo's app binary unlocked real-time telemetry and remote command access for every robot in the global fleet.
Britain is retooling how it pursues crypto fraud by treating it less like individual crime and more like an industry to dismantle.
Hours after June Patch Tuesday closed a record 200 bugs, Chaotic Eclipse published RoguePlanet, a privilege-escalation exploit for fully patched Windows machines.
AI tools are compressing the gap between vulnerability disclosure and working exploit, and CISA is adjusting its patch timelines to match.
Varonis researchers built and then phished an AI email agent to show it would surrender AWS credentials and customer records to a single impersonation email.
ServiceNow told enterprise customers a security bug exposed their data publicly, and confirmed that several customers had data accessed as a result.
Security researchers found bunq's AI assistant could be manipulated into executing unauthorized commands by hiding instructions inside a transfer memo.
AI-assisted vulnerability discovery gets the credit for a June update that addressed more than 200 flaws, an all-time Patch Tuesday record.
Trojanized X-VPN setup files install STX RAT alongside a working VPN client; X-VPN's own servers were not touched.
A new report finds roughly a third of home routers run on near-20-year-old Wi-Fi tech, quietly canceling out the broadband upgrades users are paying for.
A GitHub proof of concept shows how data hidden in image file metadata can bypass content inspection tools.
Microsoft patched two zero-days disclosed by a researcher called Nightmare Eclipse, following what appears to have been a prolonged and contentious dispute.
UNK_DeadDrop is running fake-job phishing campaigns targeting hundreds of workers, a tactic North Korea's Lazarus Group helped popularize.
A threat actor claimed responsibility for compromising Tchap, the encrypted service France built to keep government communications off foreign infrastructure.
Anthropic says its Mythos model is too dangerous to release publicly, but has now extended controlled access to about 200 organizations across 15 countries.
A breach of Tchap, France's government-only encrypted app, has officials and the attacker telling very different stories about what was taken.
A self-replicating stealer hidden in 73 packages fires automatically when an AI agent opens them, the second such incident at Microsoft in weeks.
A flaw in Meta AI's account-recovery flow let attackers redirect password-reset emails to themselves, exposing over 20,000 Instagram accounts.
Meta is seeking a federal contempt order against the Pegasus maker, saying the spyware firm kept targeting WhatsApp users after a court told it to stop.
A verification bug in Meta's AI support chatbot let attackers reset Instagram passwords without owning the account's associated email address.
A criminal actor used a frontier AI model to find a 2FA bypass, build an exploit, and deploy it before any defender knew the flaw existed.
An open-source proxy tool lets developers intercept and rewrite HTTP requests without installing a desktop app.
OpenAI's new ChatGPT feature reduces the chance of sensitive data leaking in a prompt injection attack, though the company admits it is not a complete fix.
Researcher Rasmus Moorats showed Creative's Katana V2X can be Bluetooth-hijacked at 16 yards, but Creative won't call it a security flaw.
depthfirst's AI agent surfaced 21 FFmpeg zero-days for roughly $1,000 in compute, some hiding for over 20 years, changing who can afford a security sweep.
The new security option targets a narrow slice of users who need hardened defenses against a class of attack that can redirect AI agents mid-task.
The owner account behind the popular React table library was suspended after multiple packages under it were flagged as compromised.
An app presenting itself as a productivity tool but available only in Russian surged to third place on the US free iPhone chart, raising questions Apple hasn't answered.
A 300-run benchmark on 20 real CVEs found LLM agents top out at a 50% fix rate, and the most expensive model costs 12 times more for no gain.
The lab published a reference framework for AI-driven code scanning, positioning itself in a security tooling market already crowded with well-funded rivals.
An FBI advisory says Chinese military operatives are using LinkedIn and Indeed to pay freelancers for research reports that end up in intelligence hands.
Both CVEs score 7.5 HIGH and stem from the same XML parsing library, but only fire when IEC 61850 server simulation is active.
A heap-based buffer overflow in MACH HiDraw's XML parser could let an authenticated local attacker crash or compromise industrial control systems.
An open-source disassembly library handles machine code across more than a dozen architectures and quietly underpins much of today's binary analysis tooling.
Dashlane says hackers brute-forced their way into about 20 password vaults, a small number that makes the attack method no less concerning.
A new Android feature will flag incoming calls that appear to be from someone posing as a person already in your address book.
Two compromised OpenAI employee devices triggered a mandatory Mac app update, with a June 12 deadline for all desktop users.
Three June advisories flag active exploitation across Cisco SD-WAN, Android, Linux, LiteLLM, and Check Point, while a new federal directive tightens patching rules.
Attackers hijacked Instagram accounts by asking Meta's support bot to add a new email address - no phishing or malware required.
Before you ditch the physical fob, here's what Android's digital car key system actually does to protect your vehicle.
A stored cross-site scripting flaw in CP Plus 8-channel NVRs scores 8.4 and puts admin sessions at risk across critical facilities in four countries.
The USR-W610, a Chinese-made converter used in factories worldwide, stores admin credentials in plaintext firmware, and its maker has not responded to CISA.
A CVSS 9.1 flaw in two KMW IP camera models lets an attacker remotely seize administrator access with no credentials required.
Five flaws in Danelec's widely deployed voyage data recorders gave network-adjacent attackers a clear path to administrator access.
A 2017 kernel optimization left the Linux crypto API open to an out-of-bounds write that could corrupt any setuid binary sitting in memory.
A security startup argues the standard approach to isolating AI agents is backwards — and that moving the harness outside the sandbox could prevent more breaches.
The FCC banned new consumer WiFi routers and mobile hotspots made outside the US, citing supply chain security concerns.
A patched vulnerability in Linux let hackers gain full control of PCs and servers—but many systems remain unpatched.
Ubuntu's infrastructure has been offline over a day, preventing the team from disclosing a critical vulnerability that grants full system access.
A hacktivist group claims it hit Canonical's infrastructure, blocking Linux updates for hours.
The program targets AI-specific attack vectors like prompt injection and agentic flaws, formalizing a threat model that's still being written.
The deal brings a vulnerability-testing platform for AI systems in-house, and raises the obvious question of who audits OpenAI's own models.
Google is walling off GPU debugging commands from regular apps in Android 16, targeting the driver interface behind most Android kernel exploits since 2021.
A security incident at analytics vendor Mixpanel touched some of OpenAI's API usage data, though credentials and payment details were unaffected.
With HTTPS adoption stalled near 95%, Google is making Chrome's four-year-old opt-in warning the default for every user.
Google's open-source Android hypervisor is the first consumer-electronics software to earn SESIP Level 5, a bar set for resisting nation-state-grade attacks.