Dark Reading

TeamPCP Turns Cloud Infrastructure into Crime Bots

The threat actor has been compromising cloud environments at scale with automated worm-like attacks on exposed services and ...

OpenClaw’s AI ‘skill’ extensions are a security nightmare

Security researchers found hundreds of malicious add-ons on ClawHub.
Microsoft

New Clickfix variant ‘CrashFix’ deploying Python Remote Access Trojan

CrashFix crashes browsers to coerce users into executing commands that deploy a Python RAT, abusing finger.exe and portable Python to evade detection and persist on high‑value systems.
The Hacker News

Microsoft Warns Python Infostealers Target macOS via Fake Ads and Installers

Python infostealers are spreading from Windows to macOS via Google Ads, ClickFix lures, and fake installers to steal credentials and financial data.
SecurityWeek

Security Analysis of Moltbook Agent Network: Bot-to-Bot Prompt Injection and Data Leaks

AI agent social network Moltbook vulnerability exposing sensitive data and malicious activity conducted by the bots.
The Hacker News

Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware

Compromised dYdX npm and PyPI packages delivered wallet-stealing malware and a RAT via poisoned updates in a software supply chain attack.

AI agents plus Terminal access equals a macOS security mess

AI agents that can run commands on a Mac are now being used to install malware, although the simplest way to avoid it is not ...

AI Agent Identity Management: A New Security Control Plane for CISOs

Autonomous AI agents are creating a new identity blind spot as they operate outside traditional IAM controls. Token Security ...
Cloud Security Alliance

Logic-Layer Prompt Control Injection (LPCI): A Novel Security Vulnerability Class in Agentic Systems

Explores LPCI, a new security vulnerability in agentic AI, its lifecycle, attack methods, and proposed defenses.