CSO Online

AI-powered polymorphic attack lures victims to phishing webpages

A new breed of malware uses various dynamic techniques to avoid detection and create customized phishing webpages.
Infosecurity Magazine

Labyrinth Chollima Evolves into Three North Korean Hacking Groups

CrowdStrike assessed that two new threat actor groups have spun off from North Korean Labyrinth Chollima hackers ...
Microsoft

Case study: Securing AI application supply chains

This case study examines how vulnerabilities in AI frameworks and orchestration layers can introduce supply chain risk. Using ...
MIT Technology Review

Rules fail at the prompt, succeed at the boundary

Put rules at the capability boundary: Use policy engines, identity systems, and tool permissions to determine what the agent ...

Windscribe review: Despite the annoyances, it has the right idea

The security and privacy of this freemium VPN are unimpeachable, though it makes some odd choices in design and customer ...

OpenAI spills technical details about how its AI coding agent works

On Friday, OpenAI engineer Michael Bolin published a detailed technical breakdown of how the company’s Codex CLI coding agent ...
Security Boulevard

APT Attacks Target Indian Government Using SHEETCREEP, FIREPOWER, and MAILCREEP | Part 2

This is Part 2 of our two-part technical analysis on the Gopher Strike and Sheet Attack campaigns. For details on the Gopher Strike campaign, go to Part 1.IntroductionIn September 2025, Zscaler ...

From Cipher to Fear: The psychology behind modern ransomware extortion

Modern ransomware has shifted from encryption to psychological extortion that exploits fear, liability, and exposure. Flare ...
Security Boulevard

APT Attacks Target Indian Government Using GOGITTER, GITSHELLPAD, and GOSHELL | Part 1

IntroductionIn September 2025, Zscaler ThreatLabz identified two campaigns, tracked as Gopher Strike and Sheet Attack, by a threat actor that operates in Pakistan and primarily targets entities in the ...

Konni hackers target blockchain engineers with AI-built malware

The North Korean hacker group Konni (Opal Sleet, TA406) is using AI-generated PowerShell malware to target developers and engineers in the blockchain sector.
The Hacker News

ClickFix Attacks Expand Using Fake CAPTCHAs, Microsoft Scripts, and Trusted Web Services

ClickFix uses fake CAPTCHAs and a signed Microsoft App-V script to deploy Amatera stealer on enterprise Windows systems.