SecurityWeek

Cursor AI Vulnerability Exposed Developer Devices

NomShub, a vulnerability chain in Cursor AI, allowed attackers to achieve persistent access to systems via indirect prompt ...
The Hacker News

Mustang Panda’s New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles

Updated LOTUSLITE targets India banking sector via CHM and DLL side-loading, expanding espionage campaign to South Korea and ...

New Mirai campaign exploits RCE flaw in EoL D-Link routers

A new Mirai-based malware campaign is actively exploiting CVE-2025-29635, a high-severity command-injection vulnerability ...
CSO Online

Prompt injection turned Google’s Antigravity file search into RCE

A prompt injection flaw in Google’s Antigravity IDE turns a file search tool into a remote code execution vector, bypassing ...
Dark Reading

Google Fixes Critical RCE Flaw in AI-Based 'Antigravity' Tool

The prompt-injection issue in the agentic AI product for filesystem operations was a sanitization issue that allowed for ...
Infosecurity Magazine

MacOS Native Tools Enable Stealthy Enterprise Attacks

A growing range of native macOS features are being repurposed by attackers to execute code, move laterally and evade ...

Microsoft: Teams increasingly abused in helpdesk impersonation attacks

Microsoft is warning of threat actors increasingly abusing external Microsoft Teams collaboration and relying on legitimate ...
Security Boulevard

Tropic Trooper Pivots to AdaptixC2 and Custom Beacon Listener

IntroductionOn March 12, 2026, Zscaler ThreatLabz discovered a malicious ZIP archive containing military-themed document ...
The Hacker News

Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Finance, Crypto Attacks

PHANTOMPULSE spreads via Obsidian plugin abuse in REF6598 campaign, targeting finance and crypto users, bypassing AV controls ...
Homeland Security Today

Two U.S. Nationals Sentenced for Operating Fake Remote Worker Laptop Farms for North Korea

The Justice Department has announced the sentencings of two U.S. nationals, Kejia Wang, 42, and Zhenxing Wang, 39, for their ...

Microsoft’s Patch Tuesday release for April is a whopper

Nearly every major product family needs immediate patching, from Windows to Office to Microsoft Edge, SQL Server, and even ...
Infosecurity Magazine

US Nationals Jailed for Operating Fake Remote Worker Laptop Farms for North Korea

Two US nationals have been imprisoned for their role in helping to facilitate laptop farms for North Korean remote IT worker ...