SquareX Labs demonstrates a practical, low-friction attack class — AI Sidebar Spoofing — where a malicious browser extension or attacker-controlled page injects a visually identical, writable AI sidebar into theRead More →
The U.S. Secret Service’s recent seizure of 300 SIM servers and 100,000 SIM cards in New York highlights a growing national security issue: the weaponization of telecom infrastructure for fraud,Read More →
In what is now considered the largest npm supply-chain compromise in history, attackers hijacked 18 widely used npm packages — including chalk, debug, ansi-styles, and strip-ansi — with a staggeringRead More →
Agentic AI browsers (e.g., Microsoft Copilot in Edge, OpenAI’s “agent mode” sandboxed browser, and Perplexity’s Comet) are designed to autonomously browse, click, shop, and interact with content on behalf ofRead More →
In a case that redefines the boundaries of modern cybercrime, a threat actor known as UNC2891 has carried out a multi-vector cyber-heist targeting ATM infrastructure across several banking institutions. Group-IB’sRead More →
In a bold move to counter the growing number of open-source software supply chain attacks, Google has launched OSS Rebuild, a program designed to automatically rebuild OSS packages in isolatedRead More →
Data is now the most targeted asset in cyberattacks, and organizations are investing heavily in securing it. Data Security Posture Management (DSPM) is a key tool. It helps monitor andRead More →
A set of four Bluetooth vulnerabilities dubbed “PerfektBlue”, discovered by researchers at PCA Cyber Security, expose a critical weakness in the BlueSDK Bluetooth stack developed by OpenSynergy. This stack isRead More →
In one of the most significant insider-assisted cyberattacks in Brazil’s financial history, a low-level IT operator working at C&M Software—a company that links smaller banks to Brazil’s PIX real-time paymentRead More →
In a recent threat intelligence disclosure, Okta has identified the misuse of Vercel’s v0.dev, a generative AI-powered interface builder, by malicious actors to construct sophisticated phishing websites. These sites areRead More →
