An N-day vulnerability in Microsoft Word exposes nearly 14 million assets. Attackers can exploit this flaw to bypass security prompts, enabling deployment of malware and establishing persistent access ...

During an investigation into exposed OpenWebUI servers, the Cybernews research team identified a malicious campaign targeting ...

DNS flaw in Amazon Bedrock and critical AI vulnerabilities expose data and enable RCE, risking breaches and infrastructure ...

今天下午朋友圈被安全圈的同行刷屏了——国家网络与信息安全信息通报中心（以下简称“通报中心”）发布了一则关于OpenClaw的风险预警。说实话，看到这份通报的时候我倒吸了一口凉气。不是因为漏洞又多又严重，而是那份“90%实例可被直接攻击”的结论，意味着如果你正在用这个当红的AI智能体框架，大概率已经成了黑客的肉鸡。 OpenClaw是什么？如果你还没听过，简单来说它是一个开源的AI自动化工具，你可以 ...

ClickFix campaigns spread MacSync macOS infostealer via malicious Terminal commands since Nov 2025, targeting AI tool users ...

The Contagious Interview campaign weaponizes job recruitment to target developers. Threat actors pose as recruiters from crypto and AI companies and deliver backdoors such as OtterCookie and ...

An undefined Chinese-speaking actor wields a combo of custom malware, open source tools, and LOTL binaries against Windows ...

BlackBox AI, a popular VS Code coding assistant, has a critical indirect prompt injection vulnerability. Hackers can exploit ...

Clone the LiteWing Library repository from GitHub using the following command: ...

Abstract: Penetration testing (also known as Pentesting) is a systematic process that involves the identification and exploitation of vulnerabilities, misconfigurations and potential weaknesses in ...

The "Execute Shell Command" action works correctly inside Raycast. However, when "Run in Terminal" is enabled in the extension settings, the command still executes ...