Malicious repositories and disguised symlinks can trick AI coding agents into silently installing attacker-controlled MCP servers capable of stealing secrets, compromising CI pipelines, and deploying malicious code. The post ‘SymJack’ Attack Turns AI Coding Agents Into Supply Chain Attack Delivery Systems appeared first on SecurityWeek.
Security firms took down all four command-and-control (C&C) channels used by the GlassWorm malware. The post GlassWorm Botnet Disrupted appeared first on SecurityWeek.
Cybersecurity researchers have disclosed a security flaw in Gitea, an open-source, self-hosted platform for version control, that allows unauthenticated remote attackers to pull private container images from Gitea deployments without requiring an account, password, or other credentials. The vulnerability, tracked as CVE-2026-27771 (CVSS score: N/A), affects all versions of GiteaRead More »Gitea Vulnerability Exposes Private Container Images without Authentication
The attack was claimed by a hacktivist group, but evidence showed it used infrastructure linked to Iranian government threat actors. The post LA Metro Cyberattack Linked to Iranian State-Sponsored Hackers appeared first on SecurityWeek.
The FBI has issued an alert warning of Silent Ransom Group attacks targeting law firms. The post FBI: Hackers Sending Operatives in Person to Insert USB Drives and Steal Data appeared first on SecurityWeek.
Microsoft has warned of an active cryptojacking campaign that makes use of artificial intelligence (AI) chatbot interactions as a mechanism for surfacing malicious download sites. “This emerging delivery technique extends social engineering beyond conventional search results and increases the visibility of malicious software recommendations,” Microsoft Defender Experts and the Microsoft
Resolved last week, the vulnerability was exploited in the wild as a zero-day to execute scripts with root privileges. The post CISA Urges Immediate Patching of Exploited LiteSpeed cPanel Plugin Zero-Day appeared first on SecurityWeek.
The AI giant says the new plugin, which helps developers find vulnerabilities as they write code, has been used extensively internally. The post Anthropic Releases New Claude Sandbox, Security Guidance Plugin appeared first on SecurityWeek.
An expert breaks down the Trump Administration’s plan to invest $2 billion into quantum computing innovation and leadership.
The university has started construction to expand its institute devoted to examining U.S. critical infrastructure vulnerabilities.
