The Hacker News

TCLBANKER Banking Trojan Targets Financial Platforms via WhatsApp and Outlook Worms

TCLBANKER targets 59 financial platforms using WhatsApp worms and Outlook phishing, increasing banking credential theft risks ...
Microsoft

When prompts become shells: RCE vulnerabilities in AI agent frameworks

New research exposes how prompt injection in AI agent frameworks can lead to remote code execution. Learn how these ...
Microsoft

ClickFix campaign uses fake macOS utilities lures to deliver infostealers

Threat actors are targeting macOS users with fake utility fixes that trick them into running malicious Terminal commands.

ScarCruft’s New BirdCall Malware is Hiding in Gaming Apps

ScarCruft hackers are reportedly pushing an Android malware strain dubbed BirdCall in a supply-chain attack through a video ...
WeLiveSecurity

A rigged game: ScarCruft compromises gaming platform in a supply-chain attack

ESET researchers have investigated an ongoing attack by the ScarCruft APT group that targets the Yanbian region via ...

ScarCruft hackers push BirdCall Android malware via game platform

The North Korean hacker group APT37 has been delivering an Android version of a backdoor called BirdCall in a supply-chain ...

Trojan abuses Microsoft Phone Link app to steal your passwords

The CloudZ Trojan steals data through Microsoft Phone Link. The campaign has been active since at least January 2026.  Follow ...
Security Boulevard

Local Guardrails for Secrets Security in the Age of AI Coding Assistants

Modern developer environments expose sensitive context across files, prompts, logs, and commands. Learn how layered local ...

Jobs day, semiconductor earnings, and stock market momentum: What to watch this week

The April jobs report, earnings reports from major semiconductor companies, and a strong start to the month for US equities ...

Usage-based pricing killing your vibe - here's how to roll your own local AI coding agents

With model devs pushing more aggressive rate limits, raising prices, or even abandoning subscriptions for usage-based pricing ...
SecurityWeek

‘Copy Fail’ Logic Flaw in Linux Kernel Enables System Takeover

Copy Fail, a logic bug in the Linux kernel, allows users to write 4-byte code into other files’ page cache and achieve root ...
The Next Web

Dropbox brings its files, Dash search, and Reclaim calendar into ChatGPT with three new apps

The storage company is launching a Dropbox file app, a Dropbox Dash enterprise search app, and a Reclaim AI calendar app inside ChatGPT, letting users access, save, and act on their work without ...