Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...
CSO Online

Six flaws found hiding in OpenClaw’s plumbing

Researchers say an AI-powered code scanner traced untrusted data across layers of OpenClaw, exposing exploitable weaknesses including SSRF, authentication bypass, and path traversal.
The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...
Bleeping Computer

News in the Security category

An information-stealing malware operation named Arkanix Stealer, promoted on multiple dark web forums towards the end of 2025, was likely developed as an AI-assisted experiment. Attackers are doubling ...
UNESCO

Reporting a Cybersecurity Issue: UNESCO’s Security Vulnerability Disclosure policy

The vulnerability is reported to UNESCO as soon as possible after its discovery. The vulnerability findings must remain confidential for at least 90 days following the date the vulnerability was ...