OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users ...

North Korean-linked campaign publishes 26 malicious npm packages hiding C2 in Pastebin, deploying credential stealers & RAT ...

There are moments in the evolution of a nation when a single incident, seemingly isolated, exposes a deeper and more troubling ...

A critical OpenClaw flaw allowed malicious websites to connect to locally running agents, brute-force passwords without ...

先日リリースされた「Firefox 148」には、主要Webブラウザーで初めて「Sanitizer API」が実装されているとのこと。「クロスサイトスクリプティング」と呼ばれるタイプの脆弱性を抑制する技術として期待されており、他のWebブラウザーも追随する見込みだ。

The Arkanix Stealer malware can collect and exfiltrate system information, browser data, VPN information, and arbitrary files ...

AmazonのセキュリティチームであるAmazon Threat Intelligenceが2026年2月20日、ロシア語を話すハッカーらが複数の商用生成AIサービスを悪用し、ネットワークファイアウォール「FortiGate」が搭載された600台以上のデバイスを侵害したと報告しました。この事例は、AIの悪用によって従来は大規模で熟練したチームが必要だったサイバー攻撃が、比較的経験の浅いチームでも可 ...

A sophisticated Python-based malware deployment uncovered during a fraud investigation has revealed a layered attack involving obfuscation, disposable infrastructure and commercial offensive tools.

The Arkanix infostealer combines LLM-assisted development with a malware-as-a-service model, using dual language implementations to maximize reach and establish persistence.

Amazon is warning that a Russian-speaking hacker used multiple generative AI services as part of a campaign that breached more than 600 FortiGate firewalls across 55 countries in five weeks.

Microsoft researchers found a ClickFix campaign that uses the nslookup tool to have users infect their own system with a Remote Access Trojan.

Attackers recently leveraged LLMs to exploit a React2Shell vulnerability and opened the door to low-skill operators and calling traditional indicators into question.