Artificial Intelligence (AI) is no longer just a tool we talk to; it is a tool that does things for us. These are called AI Agents. They can send emails, move data, and even manage software on their own.
But there is a problem. While these agents make work faster, they also open a new "back door" for hackers.
The Problem: "The Invisible Employee"
Think of an AI Agent like a new employee who has
You can't control when the next critical vulnerability drops. You can control how much of your environment is exposed when it does. The problem is that most teams have more internet-facing exposure than they realise. Intruder's Head of Security digs into why this happens and how teams can manage it deliberately.
Time-to-exploit is shrinking
The larger and less controlled your attack surface is,
The Russian state-sponsored hacking group tracked as APT28 has been observed using a pair of implants dubbed BEARDSHELL and COVENANT to facilitate longβterm surveillance of Ukrainian military personnel.
The two malware families have been put to use since April 2024, ESET said in a new report shared with The Hacker News.
APT28, also tracked as Blue Athena, BlueDelta, Fancy Bear, Fighting Ursa,
Salesforce has warned of an increase in threat actor activity that's aimed at exploiting misconfigurations in publicly accessible Experience Cloud sites by making use of a customized version of an open-source tool called AuraInspector.
The activity, per the company, involves the exploitation of customers' overly permissive Experience Cloud guest user configurations to obtain access to sensitive
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerability list is as follows -
CVE-2021-22054 (CVSS score: 7.5) - A server-side request forgery (SSRF) vulnerability in Omnissa Workspace One UEM (formerly VMware Workspace One UEM) that
Since starting HIBP a dozen and a bit years ago, I've loaded an average of one breach every 4.7 days. That's 959 of them to date, but last week it was five in only two days. That's a few weeks' worth of breaches in only 48 and a half hours. And that's the way it tends to be in this industry: flurries of activity followed by periods of silence. I obviously don't have any control over the cadence of breaches (nor when they begin circulating), which does make for some interesting scheduling challenges. Somewhere amongst responding to those incidents, we manage to do all the other mechanical things required to keep this service running the way it does. Anyway, this week it's "breachapalooza", with some behind-the-scenes info on the Odido, KomikoAI, Quitbro, Lovora and Provecho.
Researchers at red-team security startup CodeWall say their AI agent hacked McKinsey's internal AI platform and gained full read and write access to the chatbot in just two hours.β¦
Cybersecurity researchers have discovered a malicious npm package that masquerades as an OpenClaw installer to deploy a remote access trojan (RAT) and steal sensitive data from compromised hosts.
The package, named "@openclaw-ai/openclawai," was uploaded to the registry by a user named "openclaw-ai" on March 3, 2026. It has been downloaded 178 times to date. The library is still available for
And they abused a Mandiant-developed open source tool in the attacks
ShinyHunters told The Register that it has stolen data from about 100 high-profile companies in its latest Salesforce customer data heist, including Salesforce itself.β¦
The North Korean threat actor known as UNC4899 is suspected to be behind a sophisticated cloud compromise campaign targeting a cryptocurrency organization in 2025 to steal millions of dollars in cryptocurrency.
The activity has been attributed with moderate confidence to the state-sponsored adversary, which is also tracked under the cryptonyms Jade Sleet, PUKCHONG, Slow Pisces, and
Another week in cybersecurity. Another week of "you've got to be kidding me."
Attackers were busy. Defenders were busy. And somewhere in the middle, a whole lot of people had a very bad Monday morning. That's kind of just how it goes now.
The good news? There were some actual wins this week. Real ones. The kind where the good guys showed up, did the work, and made a dent. It doesn't always
Cisco Security and Splunk protected Cisco Live Amsterdam with the first conference Security Operations Center. Learn about the latest innovations for the SOC of the Future.
During Cisco Live EMEA we noticed a variety of AI tools being used across the network. Letβs take a closer look at what tools were seen in the network traffic.
Cisco XDR, Splunk, Cisco Secure Firewall, and Endace (Zeek) were used to investigate a spike in security alerts at Cisco Live EMEA, quickly distinguishing genuine threats from environmental noise through correlated incident analysis and network context.
The Cisco Live Amsterdam SOC team upgraded to Secure Firewallversion 10.0, deploying new Splunk integrations and Advanced Loggingfeatures to enhance SIEM data quality and visibility, streamlineconfiguration.
Mid-market organizations are constantly striving to achieve security levels on a par with their enterprise peers. With heightened awareness of supply chain attacks, your customers and business partners are defining the security level you must meet.
What if you could be the enabler for your organization to remain competitive β and help win business β by easily demonstrating that you meet these
Two Google Chrome extensions have turned malicious after what appears to be a case of ownership transfer, offering attackers a way to push malware to downstream customers, inject arbitrary code, and harvest sensitive data.
The extensions in question, both originally associated with a developer named "akshayanuonline@gmail.com" (BuildMelon), are listed below -
QuickLens - Search Screen with
Login
