Attackers Use New Tool to Scan for React2Shell Exposure

Researchers say threat actors wielded the sophisticated — and unfortunately named — toolkit to target high-value networks for React2Shell exploitation.

Lessons From AI Hacking: Every Model, Every Layer Is Risky

After two years of finding flaws in AI infrastructure, two Wiz researchers advise security pros to worry less about prompt injection and more about vulnerabilities.

Supply Chain Attack Secretly Installs OpenClaw for Cline Users

The malicious version of Cline's npm package — 2.3.0 — was downloaded more than 4,000 times before it was removed.

Best-in-Class 'Starkiller' Phishing Kit Bypasses MFA

A user-friendly PhaaS tool beats standard methods for detecting phishing attacks by live-proxying legitimate login sites.

Abu Dhabi Finance Week Exposed VIP Passport Details

Unprotected cloud data sends the wrong signal at a time when the emirate's trying to attract investors and establish itself as a global financial center.

Connected and Compromised: When IoT Devices Turn Into Threats

Reused passwords, a lack of network segmentation, and poor sanitization processes make the Internet of Things' attack surfaces more dangerous.

Scam Abuses Gemini Chatbots to Convince People to Buy Fake Crypto

A convincing presale site for phony "Google Coin" features an AI assistant that engages victims with a slick sales pitch, funneling payment to attackers.