AI chatbots make it possible for people who can’t code to build apps, sites and tools. But it’s decidedly problematic.

Shadow AI 2.0 isn’t a hypothetical future, it’s a predictable consequence of fast hardware, easy distribution, and developer ...

DeepLoad exploits ClickFix and WMI persistence to steal credentials, enabling stealth reinfection after three days.

A North Korea-nexus threat actor compromised the widely used axios npm package, delivering a cross-platform remote access trojan to potentially millions of developer environments during a three-hour ...

TeamPCP strikes again, with almost identical code to LiteLLM.

A single unauthenticated connection gives attackers a full shell; credential theft observed in under three minutes on honeypot servers.

A convincing Microsoft lookalike tricks users into downloading malware that steals passwords, payments, and account access.

A new model so sharp OpenAI put childproof caps on it. OpenAI has rolled out GPT-5.4-Cyber, a fine-tuned cousin of its ...

CERT-EU attributed a 92 GB data breach at the European Commission to TeamPCP, which compromised the Trivy security scanner in ...

GitHub is adopting AI-based scanning for its Code Security tool to expand vulnerability detections beyond the CodeQL static analysis and cover more languages and frameworks. The developer ...

PM This week in cybersecurity: botnets, RCE flaws, AI-driven attacks, stealers, and more. Fast, no-fluff roundup.