SecurityWeek

Cursor AI Vulnerability Exposed Developer Devices

NomShub, a vulnerability chain in Cursor AI, allowed attackers to achieve persistent access to systems via indirect prompt ...

New Mirai campaign exploits RCE flaw in EoL D-Link routers

A new Mirai-based malware campaign is actively exploiting CVE-2025-29635, a high-severity command-injection vulnerability ...
The Hacker News

Mustang Panda’s New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles

Updated LOTUSLITE targets India banking sector via CHM and DLL side-loading, expanding espionage campaign to South Korea and ...
Dark Reading

Google Fixes Critical RCE Flaw in AI-Based 'Antigravity' Tool

The prompt-injection issue in the agentic AI product for filesystem operations was a sanitization issue that allowed for ...
CSO Online

Prompt injection turned Google’s Antigravity file search into RCE

A prompt injection flaw in Google’s Antigravity IDE turns a file search tool into a remote code execution vector, bypassing ...
Infosecurity Magazine

MacOS Native Tools Enable Stealthy Enterprise Attacks

A growing range of native macOS features are being repurposed by attackers to execute code, move laterally and evade ...
SecurityWeek

Google Antigravity in Crosshairs of Security Researchers, Cybercriminals

Google Antigravity’s increasing popularity has brought the development platform into the crosshairs of researchers and ...

Microsoft: Teams increasingly abused in helpdesk impersonation attacks

Microsoft is warning of threat actors increasingly abusing external Microsoft Teams collaboration and relying on legitimate ...
Homeland Security Today

Two U.S. Nationals Sentenced for Operating Fake Remote Worker Laptop Farms for North Korea

The Justice Department has announced the sentencings of two U.S. nationals, Kejia Wang, 42, and Zhenxing Wang, 39, for their ...

Microsoft’s Patch Tuesday release for April is a whopper

Nearly every major product family needs immediate patching, from Windows to Office to Microsoft Edge, SQL Server, and even ...
Security Boulevard

Tropic Trooper Pivots to AdaptixC2 and Custom Beacon Listener

IntroductionOn March 12, 2026, Zscaler ThreatLabz discovered a malicious ZIP archive containing military-themed document ...

Critical vulnerability in Ruby's standard library ERB:attackers can execute code

The Ruby vulnerability is not easy to exploit, but allows an attacker to read sensitive data, start code, and install ...