President Trump signed an executive order on June 22 setting hard deadlines for federal agencies to move high-value assets and high-impact systems to post-quantum cryptography. Key establishment must move by December 31,… Read More »Trump Order Sets 2030 Deadline for Federal Post-Quantum Crypto Migration
Security firm AIR built a fake AI agent skill, pushed it through a popular skill marketplace and an Instagram ad, and says it reached roughly 26,000 agents, including some on corporate accounts.… Read More »Fake AI Agent Skill Passed Security Scans and Reportedly Reached 26,000 Agents
GitHub is moving to strengthen software supply chain security by updating “actions/checkout” to block pwn request attacks that exploit the risky use of the “pull_request_target workflow” trigger to run malicious… Read More »GitHub Updates actions/checkout to Block Common Pwn Request Attack Patterns
Every weapon begins as an extension of the hand that holds it. The spear lengthened the reach of the arm. The bow sent the point flying without the throw. The… Read More »Agentic AI: The Weapon That No Longer Needs a Warrior
Cybersecurity researchers have discovered a set of malicious npm packages that are designed to deliver a Windows-based remote access trojan (RAT). The list of identified packages, is below – aes-decode-runner-pro… Read More »Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT
Direct messages sent via WhatsApp are being used to distribute malicious Visual Basic Script (VBScript) files that lead to the installation of legitimate Remote Monitoring and Management (RMM) software. Per… Read More »WhatsApp VBScript Campaign Uses Fake Documents to Install ManageEngine RMM Tool
OpenAI on Monday said it’s releasing an improved version of its GPT‑5.5‑Cyber model to trusted defenders as part of the Daybreak initiative, the artificial intelligence (AI) company announced last month.… Read More »OpenAI Expands Daybreak With GPT-5.5-Cyber to Help Defenders Patch Security Flaws
Multiple WordPress plugins from ShapedPlugin were compromised in a supply chain attack after unknown threat actors managed to tamper with the official release channels and push backdoor code. “Attackers compromised… Read More »ShapedPlugin WordPress Pro Plugins Backdoored in Supply Chain Attack
Cybersecurity researchers have disclosed details of four vulnerabilities in Dify, an open-source agentic workflow platform with more than 146,000 GitHub stars, that could allow attackers to stealthily read artificial intelligence… Read More »Researchers Detail DifyTap Flaws in Dify That Could Expose AI Chats Across Tenants
A heap over-read in the Squid web proxy can leak another user’s cleartext HTTP request, including any credentials or session tokens it carries, to anyone already allowed to send traffic… Read More »29-Year-Old Squid Proxy Bug ‘Squidbleed’ Can Leak Cleartext HTTP Requests