Microsoft’s AutoJack research shows how a malicious webpage rendered by an AI browsing agent can reach local MCP services and ...

Security vendors and their customers have spent considerable time debating where to draw the line between “legitimate” AI agents and “malicious” bots. A 31-day campaign against a major consumer ...

Three popular plugins served malicious JavaScript through a compromised CDN.

Tech giant Toshiba and mega-retailer Muji warned visitors that suspicious sign-in screens popping up on their websites could ...

RSA today announced new RSA Help Desk Live Verify capabilities that stop social engineering attacks by extending coverage for users without a registered authenticator. Announced at Identiverse 2026, ...

FBI warns cyber criminals are using Traffic Distribution Systems to redirect users to phishing sites, malware downloads, ...

Mastra npm packages added easy-day-js malware, exposing developer systems and CI runners to infostealer risks.

ThreatsDay Bulletin covers AI abuse, poisoned packages, phishing, macOS attacks, SD-WAN flaws, scams, and supply-chain ...

Azure Functions shipped a serverless agents runtime in public preview at Build 2026. Agents are defined in .agent.md markdown ...

Microsoft Threat Intelligence analyzed a cryptocurrency clipper campaign that combines clipboard theft, wallet replacement, ...

International law enforcement agencies cleaned nearly 15,000 malware-infected WordPress websites and took down more than 100 servers linked to the SocGholish botnet and the Evil Corp Russian ...

A malware named IronWorm spread through 36 npm packages in the Arweave ecosystem, stealing developer credentials and self ...