In May 2025, a developer using Claude with the GitHub MCP server asked their AI assistant to do something entirely routine: review the open issues in a public repository. The repository contained a malicious GitHub issue planted by a researcher… Read More "AI GitHub Agents: How One Issue Leaked Private Repos"
Toronto, Canada-based Quantum Bridge announced on Wednesday that it has raised $8 million in Series A funding for its quantum-safe key distribution solution. The new funding, which brings the total raised by the company to $16 million, was supported by… Read More "Quantum Bridge Raises $8 Million for Quantum-Safe Key Distribution Solution"
Microsoft on Tuesday said it disrupted a malware-signing-as-a-service (MSaaS) operation that weaponized the company’s Artifact Signing system to deliver malicious code and conduct ransomware and other attacks, compromising thousands of machines and networks across the world. The tech giant attributed… Read More "Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks"
Twenty years ago, almost to the day, Amazon Web Services (AWS) launched Simple Storage Service (S3). A few months later, the company’s Elastic Compute Cloud (EC2) service opened for public beta testing before rolling out officially in 2008. These events sparked the era of modern… Read More "Virtual machines, virtually everywhere – but not all protected"
Security researchers have sounded the alarm over new scareware designed to lock users’ browsers and drive them to fraudulent tech support teams. Since the start of 2026, Barracuda researchers said they have observed around 2.8 million attacks which used the scareware… Read More "Researchers Warn CypherLoc Scareware Has Targeted Millions of Users"
In July 2025, an AI agent reviewed a support ticket, queried a production database, and leaked integration tokens directly to the attacker watching the thread. Months earlier, another AI followed “hidden instructions” in a public repository, exfiltrating private code into… Read More "Six MCP Security Incidents Every Security Leader Should Know"
1Password has partnered with OpenAI to address one of the growing security concerns surrounding AI-powered software development: protecting enterprise credentials from leakage, theft, or misuse by agentic coding systems. The companies on Tuesday announced a new integration for OpenAI Codex… Read More "1Password Teams With OpenAI to Stop AI Coding Agents From Leaking Credentials"
Cybersecurity researchers have flagged fresh activity from a China-aligned threat actor known as Webworm in 2025, deploying custom backdoors that employ Discord and Microsoft Graph API for command-and-control (C2 or C&C) communications. Webworm, first publicly documented by Broadcom-owned Symantec in… Read More "Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API"
Reaper changes tactics by moving execution into Apple’s Script Editor, sidestepping the protections Apple recently introduced to curb Terminal-based attacks. The end goal, however, remains credential theft, wallet compromise, and persistent access. “The SHub Reaper variant represents a noteworthy evolution… Read More "SHub Reaper impersonates Apple, Google, and Microsoft in one MacOS attack chain"
If you’ve been a victim of fraud, you’re likely already a lead on a ‘sucker list’ – and if you’re not careful, your ordeal may be about to get worse. 10 Apr 2026 • , 5 min. read The worst… Read More "Here’s how to avoid a ‘second strike’"
