New PhantomRaven NPM attack wave steals dev data via 88 packages

New attack waves from the 'PhantomRaven' supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers.

Iran's new supreme leader vows to keep blocking Strait of Hormuz in first statement released by regime

The message attributed to Mojtaba Khamenei was read by a presenter on Iranian state TV. He has not been seen in public since ...
Forbes

Critical Google Chrome Security Bug—Visiting Web Page Executes Attack

This voice experience is generated by AI. Learn more. This voice experience is generated by AI. Learn more. Google confirms critical Chrome RCE. Google has confirmed a total of, and I hope you are ...

“Use a gun” or “beat the crap out of him”: AI chatbot urged violence, study finds

An advocacy group said its study of 10 artificial intelligence chatbots found that most of them gave at least some help to users planning violent attacks and that nearly all failed to discourage users ...
Microsoft

Detecting and analyzing prompt abuse in AI tools

Hidden instructions in content can subtly bias AI, and our scenario shows how prompt injection works, highlighting the need for oversight and a structured response playbook.

14,000 routers are infected by malware that’s highly resistant to takedowns

Researchers say they have uncovered a takedown-resistant botnet of 14,000 routers and other network devices—primarily made by Asus—that have been conscripted into a proxy network that anonymously ...
Microsoft

Contagious Interview: Malware delivered through fake developer job interviews

The Contagious Interview campaign weaponizes job recruitment to target developers. Threat actors pose as recruiters from crypto and AI companies and deliver backdoors such as OtterCookie and ...