Securing AI agents: When AI tools move from reading to acting
MCP tool poisoning turns trusted AI agents into a control plane for data loss. Learn how threat actors manipulate tool descriptions to trigger unauthorized a...
20 articles
MCP tool poisoning turns trusted AI agents into a control plane for data loss. Learn how threat actors manipulate tool descriptions to trigger unauthorized a...
The Microsoft Defender vulnerability CVE-2026-33825 was exploited in the wild as a zero-day before patches were released. The post BlueHammer Vulnerability E...
ReliaQuest report warns of a surge in ClickFix social engineering attacks against Windows and macOS users
A new technical analysis has exposed six proximity-transfer flaws across Apple AirDrop, Samsung Quick Share on Android, and Google Quick Share for Windows, s...
Google has removed a malicious browser extension masquerading as Perplexity AI after Microsoft researchers found it was intercepting users’ search traffic an...
A proof-of-concept has been published that bypasses Microsoft’s mitigation for the NTLM reflection vulnerability tracked as CVE-2025-33073 and allows escalat...
SystemBC (also tracked as Coroxy) remains a versatile and persistent Windows malware family that operators routinely deploy to convert compromised hosts into...
Microsoft has introduced a new Teams admin policy that allows organizers to prevent third-party bots from joining meetings without approval. [.
Microsoft has introduced a new Teams admin policy that allows organizers to prevent third-party bots from joining meetings without approval. [.
Attackers are exploiting CVE-2026-48558, a recently patched authentication bypass vulnerability in SimpleHelp RMM, to drop the novel Djinn Stealer malware on...
The new “Boss Scam” is a sharp escalation in CEO fraud: attackers now combine impersonation, Windows DLL sideloading, and WhatsApp Web session theft to turn ...
CISA confirmed on Monday that ransomware gangs are now exploiting a Microsoft Defender privilege escalation vulnerability, dubbed BlueHammer, that has previo...
AVG Mobile Security for iOS helps protect users against online threats with features including Web Guard, VPN, Scam Guardian Pro, Hack Alerts, and Photo Vaul...
A newly identified Windows backdoor, dubbed Mistic, that has been observed in intrusions since April 2026 and appears designed for stealthy, long-term access...
Containers power a large share of cloud-native applications, AI workloads, and testing and deployment pipelines. Developers working on Windows have long pull...
The StegoAd campaign employed steganography to hide malicious JavaScript within image and font files, making the extensions appear legitimate and functional.
Microsoft will continue to offer hotpatching for Windows Server 2022 Datacenter: Azure Edition until 2027, a move that extends support beyond the mainstream ...
Microsoft has found a malicious Chrome extension that posed as the AI search engine Perplexity and quietly logged what people searched for. It routed every q...
Microsoft has extended Windows Server 2022 hotpatching until October 2027, one year after the mainstream end date of October 2026. [.
A malicious Chromium-based extension that spoofs the AI-powered answer engine Perplexity AI redirects browser search traffic using MV3 APIs and intermediary ...