AI Agents Are Going Rogue: Here’s How to Rein Them In
Human-centered identity frameworks are incorrectly being applied to AI agents, creating the potential for catastrophe at machine speed, Poghosyan argues.
New synthetic security staffers promise to bring artificial intelligence comfortably into the security operations center, but they will require governance to protect security.
Security researchers discovered multiple vulnerabilities in AI infrastructure products, including one capable of remote code execution.
A set of nine malicious NuGet packages has been identified as capable of dropping time-delayed payloads to sabotage database operations and corrupt industrial control systems. According to software supply chain security company Socket, the packages were published in 2023 and 2024 by a user named “shanhai666” and are designed to run malicious code after specific…
Imagine this: Sarah from accounting gets what looks like a routine password reset email from your organization’s cloud provider. She clicks the link, types in her credentials, and goes back to her spreadsheet. But unknown to her, she’s just made a big mistake. Sarah just accidentally handed over her login details to cybercriminals who are…
Google on Thursday said it’s rolling out a dedicated form to allow businesses listed on Google Maps to report extortion attempts made by threat actors who post inauthentic bad reviews on the platform and demand ransoms to remove the negative comments. The approach is designed to tackle a common practice called review bombing, where online…
What is the Vulnerability? High-severity vulnerabilities in runc (CVE-2025-31133, CVE-2025-52565, CVE-2025-52881) were disclosed in early November 2025. A malicious or compromised container image can abuse how runc handles masked paths, bind-mounts, and special files to write to the host /proc filesystem and escape the container boundary – enabling remote code execution on the host, persistence,…
Cybersecurity researchers have flagged a malicious Visual Studio Code (VS Code) extension with basic ransomware capabilities that appears to have been created with the help of artificial intelligence – in other words, vibe-coded. Secure Annex researcher John Tuckner, who flagged the extension “susvsex,” said it does not attempt to hide its malicious functionality. The extension was…
Threat actors will continue to abuse deepfake technology to conduct fraudulent activity, so organizations need to implement strong security protocols – even if it adds to user friction.
The network security vendor said the MySonicWall breach was unrelated to the recent wave of Akira ransomware attacks targeting the company’s devices.