News

Decrypt22h

'CopyPasta' Attack Shows How Prompt Injections Could Infect AI at Scale

AI coding tools can be tricked by fake license files to spread malicious code, security firm HiddenLayer warns.
The Hacker News3h

CISA Orders Immediate Patch of Critical Sitecore Vulnerability Under Active Exploitation

"The upshot of CVE-2025-53690 is that an enterprising threat actor somewhere has apparently been using a static ASP.NET ...
The Hacker News5h

TAG-150 Develops CastleRAT in Python and C, Expanding CastleLoader Malware Operations

CastleRAT and CastleLoader, active since March 2025, spread malware via phishing and GitHub repos, enabling data theft.
The Register on MSN15m

Shell to pay: Crims invade your PC with CastleRAT malware, now in C and Python

Pro tip, don't install PowerShell commands without approval A team of data thieves has doubled down by developing its ...
Hackaday5h

This Week In Security: DNS Oops, Novel C2s, And The Scam Becomes Real

Something rather significant happened on the Internet back in May, and it seems that someone only noticed it on September 3rd ...
Hackaday3h

Hackaday Podcast Episode 336: DIY Datasette, Egg Cracking Machine, And Screwing 3D Prints

Thunderstorms were raging across southern Germany as Elliot Williams was joined by Jenny List for this week’s podcast. The deluge outside didn’t stop the hacks coming though, and ...
Infosecurity Magazine8h

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Security

Trend Micro observed the attackers using terminal-based installation methods for the AMOS malware, luring macOS users into ...

Coinbase’s preferred AI coding tool can be hijacked by new virus

Cybersecurity firm HiddenLayer says a new virus can infect popular AI tools, including one widely used at crypto exchange ...
The Register on MSN20h

Attackers snooping around Sitecore, dropping malware via public sample keys

You cut and pasted the machine key from the official documentation? Ouch Unknown miscreants are exploiting a configuration ...