A method that could enable code execution through manipulated installation links in an AI development environment has been identified by security researchers. The technique, dubbed CursorJack by Proofpoint Threat Research, centres on the abuse of Model Context Protocol (MCP) deeplinks… Read More "CursorJack’ Attack Path Exposes Code Execution Risk in AI Development"
A new Android attack technique that manipulates the runtime environment instead of modifying applications has been identified. The method, discovered by CloudSEK researchers, uses the LSPosed framework to interfere with system-level processes, allowing attackers to hijack legitimate payment apps without… Read More "Android OS-Level Attack Bypasses Mobile Payment Security"
Custom-built AI applications are set to cause major headaches for security teams over the coming years, unless they can get involved in projects early on, Gartner has warned. The analyst predicted that by 2028, at least half of enterprise incident… Read More "AI Issues Will Drive Half of Incident Response Efforts by 2028, Says G"
Lithuanian authorities are on high alert after a massive data leak involving more than 600,000 entries from national data registers, which is believed to have been executed by another country. The Lithuanian general prosecutor’s office on Friday announced the leak… Read More "Lithuania Suspects Foreign Involvement in Data Leak of Over 600,000 National Register Entries"
Hundreds of GitHub repositories seemingly offering “free game cheats” deliver malware, including the Vidar infostealer, Acronis Threat Research Unit (TRU) has found. While the identified malicious repositories already target “virtually every major online game title,” the security researchers estimate the… Read More "Vidar Stealer 2.0 Exploits Fake Game Cheats on GitHub, Reddit"
DockSec is an open source security tool born out of frustration and raised by Advait Patel. The frustration originates in the growing recognition that AI is excellent at finding vulnerabilities, but poor at explaining how to fix them. “On a… Read More "Open Source DockSec Uses AI to Cut Through Vulnerability Noise in Docker Images"
AI and automation helped threat actors to rapidly accelerate attacks in 2025, collapsing the “predictive window” between vulnerability disclosure and exploitation, according to Rapid7. The security vendor’s new 2026 Global Threat Landscape Report is based on Rapid7 MDR incident response… Read More "AI-Enabled Adversaries Compress Time-to-Exploit – Infosecurity Magazine"
After more than 2,000 hours of government-imposed connectivity blackouts, there were signs on Tuesday that Iran’s internet is coming back—at least at very low levels. Iran’s more than 90 million citizens have been without internet for the overwhelming majority of… Read More "Internet Starts to Return in Iran After 3-Month Blackout"
SecurityWeek’s Threat Detection & Incident Response Summit took place on May 20th and is now available on demand for a limited time. Register to enjoy free access to expert-led sessions exploring how security teams can cut through alert fatigue, leverage… Read More "Watch on Demand: Threat Detection & Incident Response Summit – All Sessions Available"
The Iranian hacking group known as MuddyWater has been linked to a new campaign affecting at least nine organizations across nine countries on four continents in the first quarter of 2026. The activity targeted industrial and electronics manufacturing, education and… Read More "MuddyWater Uses DLL Side-Loading in Espionage Campaign Targeting 9 Countries"
