SecurityWeek

New AI model drives Project Glasswing, a effort to secure critical software before advanced capabilities fall into the wrong hands.

The cybersecurity response to AI-enabled nation-state threats cannot be incremental. It must be architectural.

The startup has created a layered security solution aiming to secure AI agents throughout their entire lifecycle.

The improper validation of user-supplied JavaScript code allows attackers to execute arbitrary code and access the file system.

A critical DoS vulnerability in the Framework component of Android has also been fixed with the latest update.

By targeting Grafana’s AI components, attackers can point to external resources and inject indirect prompts to bypass safeguards.

Join the live diagnostic session to expose hidden coverage gaps and shift from flawed tool-level evaluations to a comprehensive, program-level validation discipline.

Researchers have demonstrated that GPU Rowhammer attacks can be used to escalate privileges.

The group is using zero-days, quickly weaponizes fresh bugs, and exfiltrates and encrypts data within days of initial access.

Shchukin is accused of extorting more than $2 million as the head of the GandCrab and REvil ransomware operations.

The Trump administration says the FY2027 budget refocuses CISA on its core mission: protecting federal agencies and critical infrastructure.

The high-end casino and hotel operator has likely paid a ransom to avoid a data leak.

A vulnerability named ‘AI Agent Traps’ allows attackers to manipulate, deceive, and exploit visiting agents via malicious web content.

Hackers published 36 NPM packages posing as Strapi plugins to execute shells, escape containers, and harvest credentials.

The threat actor behind the Axios supply chain attack has been aiming at other maintainers in its social engineering campaign.