Latest news as of 5/18/2026, 10:11:48 PM
Bleeping Computer
The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, repositories, and extensions on GitHub, npm, and VSCode/OpenVSX extensions. [...]
The Register
Sell your soul to the orb Sam Altman has cooked up a plan to make his cryptocurrency/identity/eyeball-scanning-orb venture more useful by – you guessed it – adding agentic AI to the mix. Now the technology behind it will be used to identify the human behind bots.…
Dark Reading
The cyberattackers leveraged trusted brands and domains in an attempt to redirect a C-suite executive at Outpost24 to give up his credentials.
Bleeping Computer
The European Union Council has announced sanctions against three entities and two individuals for their involvement in cyberattacks targeting critical infrastructure in the region. [...]
The Hacker News
Cybersecurity researchers have disclosed details of a new method for exfiltrating sensitive data from artificial intelligence (AI) code execution environments using domain name system (DNS) queries. In a report published Monday, BeyondTrust revealed that Amazon Bedrock AgentCore Code Interpreter's sandbox mode permits outbound DNS queries that an attacker can exploit to enable interactive shells
The Register
State-sponsored attackers joined by Chinese snoops and hackers-for-hire in latest round of economic penalties The Council of the European Union sanctioned Emennet Pasargad on Monday, a company used as a front for a series of Iranian cyberattacks.…
Dark Reading
In a recent attack, the group showcased stealthier cross-network activity, thanks to its use of a new BYOVD technique and other tools.
The Hacker News
The ransomware operation known as LeakNet has adopted the ClickFix social engineering tactic delivered through compromised websites as an initial access method. The use of ClickFix, where users are tricked into manually running malicious commands to address non-existent errors, is a departure from relying on traditional methods for obtaining initial access, such as through stolen credentials
Bleeping Computer
AI agents are autonomous actors with real access to data and systems, not just copilots. Token Security explains why identity-based access control is critical to prevent misuse and data exposure. [...]
Bleeping Computer
A new font-rendering attack causes AI assistants to miss malicious commands shown on webpages by hiding them in seemingly harmless HTML. [...]