Technology

Microsoft Warns Poisoned MCP Tool Descriptions Can Make AI Agents Leak Data

New Microsoft research shows how attackers can hijack AI agents that act on a user’s behalf, using nothing more than a poisoned tool description to make the agent quietly hand over company data to an outsider. The trick is that the agent never breaks a rule. Every step looks routine, so in a default setup no alarm […]

Microsoft Warns Poisoned MCP Tool Descriptions Can Make AI Agents Leak Data Read More »

Silent Swap Crypto Clipper Uses Fake Google Notes Extension to Replace Wallet Addresses

Cybersecurity researchers have flagged an active browser extension campaign that is designed to steal cryptocurrency by stealthily replacing wallet addresses when unsuspecting users initiate a transaction. The cryptocurrency clipper activity has been codenamed Silent Swap by McAfee Labs. “The campaign is delivered through unsigned installers – observed in both .NET and Golang variants – that

Silent Swap Crypto Clipper Uses Fake Google Notes Extension to Replace Wallet Addresses Read More »

Langflow RCE Exploited to Deploy Monero Miner on Exposed AI App Endpoints

Threat actors are continuing to exploit a critical Langflow vulnerability as part of fresh attacks designed to deliver a Monero cryptocurrency miner. The activity has been found to weaponize CVE-2026-33017 (CVSS score: 9.3), an unauthenticated remote code execution (RCE) vulnerability in Langflow, indicating threat actors are scanning and targeting exposed artificial intelligence (AI)

Langflow RCE Exploited to Deploy Monero Miner on Exposed AI App Endpoints Read More »

RustDuck Botnet Rebuilds in Rust to Hijack Routers and Servers for DDoS

A new two-stage malware family called RustDuck is hijacking home routers, IP cameras, Android boxes, and poorly secured servers, then stitching them into a network built to knock websites and online services offline. Researchers at QiAnXin’s XLab have tracked it since February 2026, and say the real story is not how big it is today, but how

RustDuck Botnet Rebuilds in Rust to Hijack Routers and Servers for DDoS Read More »

GuardFall Exposes Open-Source AI Coding Agents to Decades-Old Shell Injection Risks

The safety check that is supposed to stop an AI coding agent from running a dangerous command can be walked straight past using a shell trick that has been public for decades. New research from Adversa AI, which is named the bypass GuardFall, found it works against ten of the eleven popular open-source coding and computer-use

GuardFall Exposes Open-Source AI Coding Agents to Decades-Old Shell Injection Risks Read More »

Malicious Perplexity Chrome Extension Intercepted Searches and Address Bar Input

Microsoft has found a malicious Chrome extension that posed as the AI search engine Perplexity and quietly logged what people searched for. It routed every query and every character typed into the address bar through an attacker-controlled server before redirecting users to real results. Microsoft says Google removed it from the store after responsible disclosure.

Malicious Perplexity Chrome Extension Intercepted Searches and Address Bar Input Read More »

Mustang Panda Uses Zoho WorkDrive as Command Channel in Indian Government Attacks

The China-aligned espionage group Mustang Panda is running two campaigns against the Indian government and hydropower targets, deploying new malware and turning a legitimate cloud service into its command channel. Acronis Threat Research Unit found active compromises inside Indian government networks, including machines used by senior administrative staff, and worked with 

Mustang Panda Uses Zoho WorkDrive as Command Channel in Indian Government Attacks Read More »

WhatsApp is Finally Getting Usernames to Help Keep Phone Numbers Private

WhatsApp on Monday officially announced the start of global reservations of usernames with an aim to protect the privacy of more than three billion users on the messaging platform. The optional feature is designed to help users connect with someone on the service through usernames, as opposed to directly sharing their phone numbers. Username reservations

WhatsApp is Finally Getting Usernames to Help Keep Phone Numbers Private Read More »

236,000 DCloud Uni-App Sites Used in Crypto Scams, Phishing, and Wallet Drainers

New findings unearthed by Infoblox show that more than 236,000 websites are using investment scam templates built using a legitimate Chinese open-source, cross-platform application development framework called DCloud Uni-App. The templates power bogus cryptocurrency exchanges, multi-language pig-butchering operations, WhatsApp phishing networks, fake gambling platforms, brand-impersonation

236,000 DCloud Uni-App Sites Used in Crypto Scams, Phishing, and Wallet Drainers Read More »

⚡ Weekly Recap: Linux Kernel Flaws, AI Malware Tricks, Turla Backdoor, Infostealers and More

This week was a reminder that attackers do not always need big tricks. One small mistake, one old access path, one missed patch, and suddenly the door is open. The noise is not all noise, either. Forums are talking, researchers are finding easy cracks, and defenders have more cleanup waiting. Here’s the full Monday recap.

⚡ Weekly Recap: Linux Kernel Flaws, AI Malware Tricks, Turla Backdoor, Infostealers and More Read More »