North Korean-linked campaign publishes 26 malicious npm packages hiding C2 in Pastebin, deploying credential stealers & RAT ...
While the Windows maker did not attribute the activity to a specific threat actor, the use of VS Code tasks and Vercel ...
Thousands of Google Cloud API keys available online may have given unauthorised access to sensitive Gemini AI endpoints, ...
A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...
What makes this campaign so striking is not just the malware, but where it is being stored. By shifting malicious code into ...
An OpenClaw vulnerability allowed malicious websites to take over AI agents, exposing sensitive information and enabling data ...
Patchstack's WordPress vulnerability report shows sites are getting hacked within hours of vulnerability disclosure ...
Come for the coding test, stay for the C2 traffic. Next.js developers are once again in the crosshairs as hackers seed ...
Over 2,800 exposed Google API keys may allow unauthorized Gemini AI access, risking data leaks and massive API charges.
Exposed Google API keys previously not considered secrets can now inadvertently grant attackers access to sensitive Gemini ...
This week on Cyber Uncut, David Hollingworth and Daniel Croft unpack the week’s cyber and AI news and entertain a special guest to boot!
A malicious NPM package, ambar-src, mimicking a popular JavaScript framework, was downloaded nearly 50,000 times in a few ...