News

The Register on MSN16h

AI-powered penetration tool, an attacker's dream, downloaded 10K times in 2 months

Shady, China-based company, all the apps needed for a fully automated attack - sounds totally legit Villager, a new ...
The Hacker News6d

TAG-150 Develops CastleRAT in Python and C, Expanding CastleLoader Malware Operations

CastleRAT and CastleLoader, active since March 2025, spread malware via phishing and GitHub repos, enabling data theft.
InfoWorld11h

VS Code 1.104 emphasizes AI model selection, agent security

The latest update to Microsoft’s code editor previews an automatic model selection capability and improvements to agent ...
Ars Technica4mon

Researchers claim breakthrough in fight against AI’s frustrating security hole

In the AI world, a vulnerability called a "prompt injection" has haunted developers since chatbots went mainstream in 2022. Despite numerous attempts to solve this fundamental vulnerability—the ...

Software packages with more than 2 billion weekly downloads hit in supply-chain attack

Hackers planted malicious code in open source software packages with more than 2 billion weekly updates in what is likely to ...
Dark Reading11mon

Python-Based Malware Slithers Into Systems via Legit VS Code

A known Chinese advanced persistent threat (APT) group known as Mustang Panda is the likely culprit behind a sophisticated, ongoing cyber-espionage campaign. It starts with a malicious email, and ...
Security Boulevard3d

APT37 Targets Windows with Rust Backdoor and Python Loader

IntroductionAPT37 (also known as ScarCruft, Ruby Sleet, and Velvet Chollima) is a North Korean-aligned threat actor active since at least 2012. APT37 primarily targets South Korean individuals ...
Cyber Defense Magazine8d

Fake (Hallucinated) Remote Code Execution (RCEs) in LLM Applications

Introduction As agents become integrated with more advanced functionality, such as code generation, you will see more Remote ...