A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...

Microsoft’s AutoJack research shows how a malicious webpage rendered by an AI browsing agent can reach local MCP services and ...

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...

ThreatsDay Bulletin covers AI abuse, poisoned packages, phishing, macOS attacks, SD-WAN flaws, scams, and supply-chain ...

Last Tuesday, Microsoft patched a vulnerability it rated as max critical in its M365 Copilot AI platform. On Monday, the ...

The Information Security researchers at University College London (UCL) analyzed an archive of 12.16 million GPS observations ...

Posts from this author will be added to your daily email digest and your homepage feed. is editor-in-chief of The Verge, host of the Decoder podcast, and co-host of The Vergecast. Today, I’m talking ...

IntroductionOn May 14, 2026, the Zscaler ThreatLabz team identified unusually high activity associated with the threat actor SmartApeSG to deploy malware. During our examination, we discovered ...

Researchers from Tokyo Metropolitan University have created a new paradigm for identifying online phishing campaigns. Their ...

The New York Times’ Ryan Mac on how the SpaceX IPO is shaping up to be the greatest Musk gambit yet. I wanted to have Ryan on the show because we’re on the cusp of the SpaceX IPO, which promises to be ...

Cybersecurity roundup: supply chain threats, AI agent risks, browser-cloning malware, mule networks, endpoint bypasses, and ...

A github.dev flaw could let attackers steal GitHub OAuth tokens through a one-click attack, exposing private repositories and codebases.