CSO Online

Google’s Vertex AI SDK could allow RCE through bucket squatting

Google reportedly patched a flaw in the Vertex AI SDK for Python that could allow attackers to hijack model uploads and ...
Security Boulevard

When AI Agents Become Bots: A Field Report from the Authentication Layer

Security vendors and their customers have spent considerable time debating where to draw the line between “legitimate” AI agents and “malicious” bots. A 31-day campaign against a major consumer ...
The Hacker News

Fake Microsoft Alerts Used to Deploy North Korean NarwhalRAT Malware

North Korea-linked ScarCruft uses fake Microsoft Account alerts and ZIP files to deliver NarwhalRAT, a Python RAT built for ...

Critical Copilot vulnerability allowed hackers to steal 2FA code from users

Last Tuesday, Microsoft patched a vulnerability it rated as max critical in its M365 Copilot AI platform. On Monday, the ...
WeLiveSecurity

EvilTokens: A phishing attack that doesn’t steal your password

A phishing kit subverting Microsoft’s legitimate authentication flow lets attackers break into accounts without stealing ...
The Hacker News

Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication

Splunk issued security updates for a critical CVSS 9.8 vulnerability in Splunk Enterprise that allows unauthenticated remote ...
InfoQ

Google Launches Colab CLI for Developers, Automation, and AI Agents

Google has announced the Google Colab CLI, a command-line tool that allows developers and AI agents to interact with remote ...
yogonet

Eliminating password risk through passwordless authentication, zero-knowledge security, and frictionless user access

In this article, MIRACL explores how passwordless authentication and zero-knowledge cryptography can help organizations strengthen identity security while reducing friction for users. As cyber threats ...
Microsoft

AI brands as bait: How threat actors are using the AI hype in social engineering

As threat actors operationalize AI to accelerate attacks, they are also leveraging the wider global interest around AI itself ...

From code-first to intent-first: Microsoft Build 2026 could be the end of programming as we know it

Build 2026 runs from June 2-3 in San Francisco. Here's what Microsoft is expected to announce for GitHub Copilot, Azure AI ...
Tech Times

AI vs AI Cybersecurity: Sysdig Documents First LLM-Agent Intrusion in the Wild

AI vs AI cybersecurity arrived in documented form on May 10, when an LLM agent drove a four-pivot intrusion to database exfiltration in under an hour with no human direction. CrowdStrike data puts ...
Fox News

Are bank text codes enough to protect you?

Bank security can feel confusing because every account seems to handle it differently. One bank sends a text. Another sends an email. Another asks you to approve a login inside its app. So when ...