Microsoft

When prompts become shells: RCE vulnerabilities in AI agent frameworks

New research exposes how prompt injection in AI agent frameworks can lead to remote code execution. Learn how these ...

JDownloader distributed malware downloads

In early May, the JDownloader website delivered malware. This is reminiscent of Daemon Tools, which have since reacted.
The Hacker News

PCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud Systems

PCPJack steals credentials via 6 Python modules exploiting 5 CVEs, enabling cloud spread and fraud-driven attacks.
The Hacker News

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...
SecurityWeek

‘PCPJack’ Worm Removes TeamPCP Infections, Steals Credentials

The PCPJack worm targets cloud environments and vulnerable web applications to remove TeamPCP infections and steal ...

Top download manager JDownloader hacked — installers replaced with dangerous malware

Between May 6 and 7, it was dangerous to install JDownloader from alternative links on the site.

'PCPJack' cloud worm hijacks TeamPCP hacker infrastructure

Named PCPJack, the framework was discovered on April 28 by a hunting rule on Google's VirusTotal malware scanning service ...
Decrypt

You Installed Hermes. Now Make It Look Better Than ChatGPT or Claude

The terminal is fine. But if you actually want to live in your Hermes agent, here are the four best GUIs the community has ...
The Next Web

The AI industry’s model and agent skill repositories are full of malware. The infrastructure built to accelerate development is now the vector for compromising it.

Hugging Face hosts 352,000 unsafe model issues. ClawHub's registry contains 341 malicious AI agent skills. The AI supply chain is now the most attractive target in software security.
WeLiveSecurity

A rigged game: ScarCruft compromises gaming platform in a supply-chain attack

ESET researchers have investigated an ongoing attack by the ScarCruft APT group that targets the Yanbian region via ...

Usage-based pricing killing your vibe - here's how to roll your own local AI coding agents

With model devs pushing more aggressive rate limits, raising prices, or even abandoning subscriptions for usage-based pricing ...
Windows Report

Hackers Abuse Microsoft Teams to Deploy Snow Malware and Steal Domain Credentials

Attackers exploit Microsoft Teams and Snow malware to steal credentials and take over enterprise networks through social engineering.