| DATE | NAME | Info | CATEG. | WEB |
| --- | --- | --- | --- | --- |
| 14.5.26 | PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure | Threat actors have been observed attempting to exploit a recently disclosed security vulnerability in PraisonAI, an open-source multi-agent | AI | The Hacker News |
| 14.5.26 | Google: Hackers used AI to develop zero-day exploit for web admin tool | Researchers at Google Threat Intelligence Group (GTIG) say that a zero-day exploit targeting a popular open-source web administration tool was likely generated using AI. | AI | BleepingComputer |
| 13.5.26 | Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday | Microsoft has unveiled a new multi-model artificial intelligence (AI)-driven system called MDASH to facilitate vulnerability discovery and remediation at scale, adding that it's being tested by some customers as part of a limited private preview. | AI | The Hacker News |
| 12.5.26 | GTIG AI Threat Tracker: Adversaries Leverage AI for Vulnerability Exploitation, Augmented Operations, and Initial Access | Since our February 2026 report on AI-related threat activity, Google Threat Intelligence Group (GTIG) has continued to track a maturing transition from nascent AI-enabled operations to the industrial-scale application of generative models within adversarial workflows. | AI | GTI |
| 12.5.26 | OpenAI Launches Daybreak for AI-Powered Vulnerability Detection and Patch Validation | OpenAI has launched Daybreak, a new cybersecurity initiative that brings together frontier artificial intelligence (AI) model capabilities and Codex | AI | The Hacker News |
| 12.5.26 | Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation | Google on Monday disclosed that it identified an unknown threat actor using a zero-day exploit that it said was likely developed with an artificial | AI | The Hacker News |
| 11.5.26 | Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads | A malicious Hugging Face repository managed to take a spot in the platform's trending list by impersonating OpenAI's Privacy Filter open-weight model to deliver a Rust-based information stealer to Windows users. | AI | The Hacker News |
| 10.5.26 | Fake OpenAI repository on Hugging Face pushes infostealer malware | A malicious Hugging Face repository that reached the platform's trending list impersonated OpenAI's "Privacy Filter" project to deliver information-stealing malware to Windows users. | AI | BleepingComputer |
| 10.5.26 | Fake Claude AI website delivers new 'Beagle' Windows malware | A fake version of the Claude AI website offers a malicious Claude-Pro Relay download that pushes a previously undocumented backdoor for Windows named Beagle. | AI | BleepingComputer |
| 9.5.26 | An Adaptive Cyber Analytics UI for Web Honeypot Logs [Guest Diary] | Through the expansion of Large Language Models (LLMs), cybersecurity has exploded with a variety of tools for both offensive and defensive purposes. | AI | SANS |
| 2.5.26 | Learning from the Vercel breach: Shadow AI & OAuth sprawl | A single third-party OAuth integration can become a direct path into your environment. Push explains how the Vercel breach shows a compromised OAuth app can lead to widespread impact across downstream customers. | AI | |
| 2.5.26 | Hackers are exploiting a critical LiteLLM pre-auth SQLi flaw | Hackers are targeting sensitive information stored in the LiteLLM open-source large-language model (LLM) gateway by exploiting a critical vulnerability tracked as CVE-2026-42208. | AI | BleepingComputer |
| 30.4.26 | Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution | Google has addressed a maximum severity security flaw in Gemini CLI -- the "@google/gemini-cli" npm package and the "google-github-actions/run-gemini- | AI | The Hacker News |
| 22.4.26 | Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape | A critical security vulnerability has been disclosed in a Python-based sandbox called Terrarium that could result in arbitrary code execution. The vulnerability, | AI | The Hacker News |
| 20.4.26 | Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain | Cybersecurity researchers have discovered a critical "by design" weakness in the Model Context Protocol's (MCP) architecture that could pave the way for | AI | The Hacker News |
| 20.4.26 | Vercel Breach Tied to Context AI Hack Exposes Limited Customer Credentials | Web infrastructure provider Vercel has disclosed a security breach that allowed bad actors to gain unauthorized access to "certain" internal Vercel systems. | AI | The Hacker News |
| 19.4.26 | Google expands Gemini AI use to fight malicious ads on its platform | Google says it is increasingly using its Gemini AI models to detect and block harmful ads on its advertising platforms, as scammers and threat actors continue to evolve their tactics to evade detection. | AI | BleepingComputer |
| 19.4.26 | New ATHR vishing platform uses AI voice agents for automated attacks | A new cybercrime platform called ATHR can harvest credentials via fully automated voice phishing attacks that use both human operators and AI agents for the social engineering phase. | AI | |
| 19.4.26 | Most "AI SOCs" Are Just Faster Triage. That's Not Enough. | AI-powered SOC tools promise automation, but most only speed up triage instead of reducing real workload. Tines shows how real gains come from end-to-end workflows that execute actions across systems, not just summarize alerts. | AI | BleepingComputer |
| 18.4.26 | OpenAI rotates macOS certs after Axios attack hit code-signing workflow | OpenAI is rotating potentially exposed macOS code-signing certificates after a GitHub Actions workflow executed a malicious Axios package during a recent supply chain attack. | AI | |
| 16.4.26 | Scanning for AI Models | Starting March 10, 2026, my DShield sensor started getting probes for various AI models such as claude, openclaw, huggingface, etc. | AI | SANS |
| 15.4.26 | OpenAI Launches GPT-5.4-Cyber with Expanded Access for Security Teams | OpenAI on Tuesday unveiled GPT-5.4-Cyber, a variant of its latest flagship model, GPT-5.4, that's specifically optimized for defensive | AI | The Hacker News |
| 14.4.26 | Satori Threat Intelligence Alert: Pushpaganda Manipulates Google Discovery Feeds with AI-Generated Content to Spread Malicious Notifications | HUMAN's Satori Threat Intelligence and Research Team has identified a novel ad fraud, social engineering, and scareware threat dubbed Pushpaganda. This operation, named for the push notifications central to the scheme, generates invalid organic traffic from real mobile devices by tricking users into subscribing to notifications that present alarming messages. | AI | HUMAN SECURITY |
| 14.4.26 | AI-Driven Pushpaganda Scam Exploits Google Discover to Spread Scareware and Ad Fraud | Cybersecurity researchers have unmasked a novel ad fraud scheme that has been found to leverage search engine poisoning (SEO) techniques and artificial | AI | The Hacker News |
| 14.4.26 | OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident | OpenAI revealed a GitHub Actions workflow used to sign its macOS apps led to the download of the malicious Axios library on March 31, but noted that no | AI | The Hacker News |
| 9.4.26 | Anthropic's Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems | Artificial Intelligence (AI) company Anthropic announced a new cybersecurity initiative called Project Glasswing that will use a preview version of its new | AI | The Hacker News |
| 8.4.26 | Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed | Threat actors are exploiting a maximum-severity security flaw in Flowise, an open-source artificial intelligence (AI) platform, according to new findings | AI | The Hacker News |
| 6.4.26 | Claude Code leak used to push infostealer malware on GitHub | Threat actors are exploiting the recent Claude Code source code leak by using fake GitHub repositories to deliver Vidar information-stealing malware. | AI | BleepingComputer |
| 5.4.26 | Claude Code source code accidentally leaked in NPM package | Anthropic says it accidentally leaked the source code for Claude Code, which is closed source, but the company says no customer data or credentials were exposed. | AI | BleepingComputer |
| 4.4.26 | Claude AI finds Vim, Emacs RCE bugs that trigger on file open | Vulnerabilities in the Vim and GNU Emacs text editors, discovered using simple prompts with the Claude assistant, allow remote code execution simply by opening a file. | AI | |
| 4.4.26 | How to Categorize AI Agents and Prioritize Risk | AI agent risk isn't equal; it scales with access to systems and level of autonomy. Token Security explains how CISOs should categorize agents and prioritize what to secure first. | AI | |
| 1.4.26 | How to Evaluate AI SOC Agents: 7 Questions Gartner Says You Should Be Asking | AI SOC agents can reduce alert fatigue, but most teams fail to measure real outcomes. Prophet Security breaks down Gartner's questions for evaluating AI SOC agents and separating real impact from hype. | AI | |
| 1.4.26 | Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms | Anthropic on Tuesday confirmed that internal code for its popular artificial intelligence (AI) coding assistant, Claude Code, had been inadvertently | AI | The Hacker News |
| 31.3.26 | Vertex AI Vulnerability Exposes Google Cloud Data and Private Artifacts | Cybersecurity researchers have disclosed a security "blind spot" in Google Cloud's Vertex AI platform that could allow artificial intelligence (AI) agents to | AI | The Hacker News |
| 31.3.26 | OpenAI Patches ChatGPT Data Exfiltration Flaw and Codex GitHub Token Vulnerability | A previously unknown vulnerability in OpenAI ChatGPT allowed sensitive conversation data to be exfiltrated without user knowledge or consent, | AI | The Hacker News |
| 29.3.26 | GitHub adds AI-powered bug detection to expand security coverage | GitHub is adopting AI-based scanning for its Code Security tool to expand vulnerability detections beyond the CodeQL static analysis and cover more languages and frameworks | AI | BleepingComputer |
| 29.3.26 | Bubble AI app builder abused to steal Microsoft account credentials | Threat actors are evading phishing detection in campaigns targeting Microsoft accounts by abusing the no-code app-building platform Bubble to generate and host malicious web apps. | AI | |
| 27.3.26 | LangChain, LangGraph Flaws Expose Files, Secrets, Databases in Widely Used AI Frameworks | Cybersecurity researchers have disclosed three security vulnerabilities impacting LangChain and LangGraph that, if successfully exploited, could | AI | The Hacker News |
| 26.3.26 | Varonis Atlas: Securing AI and the Data That Powers It | AI agents can access data directly, making data security the foundation of AI security. Learn more about how Varonis Atlas helps orgs see, secure, and control AI systems and the data they can reach. | AI | |
| 26.3.26 | Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website | Cybersecurity researchers have disclosed a vulnerability in Anthropic's Claude Google Chrome Extension that could have been exploited to trigger malicious | AI | The Hacker News |
| 19.3.26 | Shadow AI is everywhere. Here’s how to find and secure it. | Shadow AI is quietly spreading across SaaS environments as employees adopt new AI tools without IT oversight. Nudge Security explains how security teams can discover AI apps, monitor usage, and govern risky AI activity. | AI | |
| 19.3.26 | OpenAI says ChatGPT ads are not rolling out globally for now | OpenAI told BleepingComputer that ChatGPT ads on Free and Go plans are not yet rolling out outside the United States, even though some users noticed references to ads in the updated privacy policy. | AI | BleepingComputer |
| 18.3.26 | AI Flaws in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and RCE | Cybersecurity researchers have disclosed details of a new method for exfiltrating sensitive data from artificial intelligence (AI) code execution | AI | The Hacker News |
| 15.3.26 | OpenClaw AI Agent Flaws Could Enable Prompt Injection and Data Exfiltration | China's National Computer Network Emergency Response Technical Team (CNCERT) has issued a warning about the security risks stemming from the use of | AI | The Hacker News |
| 15.3.26 | AI-generated Slopoly malware used in Interlock ransomware attack | A new malware strain dubbed Slopoly, likely created using generative AI tools, allowed a threat actor to remain on a compromised server for more than a week and steal data in an Interlock ransomware attack. | AI | |
| 13.3.26 | Hive0163 Uses AI-Assisted Slopoly Malware for Persistent Access in Ransomware Attacks | Cybersecurity researchers have disclosed details of a suspected artificial intelligence (AI)-generated malware codenamed Slopoly put to use by a | AI | The Hacker News |
| 11.3.26 | Researchers Trick Perplexity's Comet AI Browser Into Phishing Scam in Under Four Minutes | Agentic web browsers that leverage artificial intelligence (AI) capabilities to autonomously execute actions across multiple websites on behalf of a user | AI | The Hacker News |
| 11.3.26 | Five Malicious Rust Crates and AI Bot Exploit CI/CD Pipelines to Steal Developer Secrets | Cybersecurity researchers have discovered five malicious Rust crates that masquerade as time-related utilities to transmit .env file data to the threat | AI | The Hacker News |
| 8.3.26 | Microsoft: Hackers abusing AI at every stage of cyberattacks | Microsoft says threat actors are increasingly using artificial intelligence in their operations to accelerate attacks, scale malicious activity, and lower technical barriers across all aspects of a cyberattack. | AI | |
| 8.3.26 | EC-Council Expands AI Certification Portfolio to Strengthen U.S. AI Workforce Readiness and Security | EC-Council, creator of the world-renowned Certified Ethical Hacker (CEH) credential and a global leader in applied cybersecurity education, today launched its Enterprise AI Credential Suite, with four new role-based AI certifications debuting alongside Certified CISO v4, an overhauled executive cyber leadership program. | AI | |
| 8.3.26 | Bing AI promoted fake OpenClaw GitHub repo pushing info-stealing malware | Fake OpenClaw installers hosted in GitHub repositories and promoted by Microsoft Bing's AI-enhanced search feature instructed users to run commands that deployed information stealers and proxy malware. | AI | BleepingComputer |
| 8.3.26 | OpenAI Codex Security Scanned 1.2 Million Commits and Found 10,561 High-Severity Issues | OpenAI on Friday began rolling out Codex Security, an artificial intelligence (AI)-powered security agent that's designed to find, validate, and propose fixes | AI | The Hacker News |
| 8.3.26 | Anthropic Finds 22 Firefox Vulnerabilities Using Claude Opus 4.6 AI Model | Anthropic on Friday said it discovered 22 new security vulnerabilities in the Firefox web browser as part of a security partnership with Mozilla. Of these, 14 | AI | The Hacker News |
| 7.3.26 | Transparent Tribe Uses AI to Mass-Produce Malware Implants in Campaign Targeting India | The Pakistan-aligned threat actor known as Transparent Tribe has become the latest hacking group to embrace artificial intelligence (AI)-powered coding | AI | The Hacker News |
| 5.3.26 | CyberStrikeAI tool adopted by hackers for AI-powered attacks | Researchers warn that a newly identified open-source AI security testing platform called CyberStrikeAI was used by the same threat actor behind a recent campaign that breached hundreds of Fortinet FortiGate firewalls. | AI | BleepingComputer |
| 5.3.26 | Anthropic confirms Claude is down in a worldwide outage | Claude appears to be having a major outage right now, with elevated errors reported across all platforms. | AI | |
| 3.3.26 | Open-Source CyberStrikeAI Deployed in AI-Driven FortiGate Attacks Across 55 Countries | The threat actor behind the recently disclosed artificial intelligence (AI)-assisted campaign targeting Fortinet FortiGate appliances leveraged an open- | AI | The Hacker News |
| 3.3.26 | New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel | Cybersecurity researchers have disclosed details of a now-patched security flaw in Google Chrome that could have permitted attackers to escalate | AI | The Hacker News |
| 1.3.26 | Ukrainian man pleads guilty to running AI-powered fake ID site | A Ukrainian man has pleaded guilty to operating OnlyFake, an AI-powered website that generated and sold more than 10,000 photos of fake identification documents to customers worldwide. | AI | |
| 1.3.26 | Previously harmless Google API keys now expose Gemini AI data | Google API keys for services like Maps embedded in accessible client-side code could be used to authenticate to the Gemini AI assistant and access private data. | AI | |
| 1.3.26 | ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket | OpenClaw has fixed a high-severity security issue that, if successfully exploited, could have allowed a malicious website to connect to a locally | AI | The Hacker News |
| 28.2.26 | Thousands of Public Google Cloud API Keys Exposed with Gemini Access After API Enablement | New research has found that Google Cloud API keys, typically designated as project identifiers for billing purposes, could be abused to authenticate to | AI | The Hacker News |
| 28.2.26 | Pentagon Designates Anthropic Supply Chain Risk Over AI Military Dispute | Anthropic on Friday hit back after U.S. Secretary of Defense Pete Hegseth directed the Pentagon to designate the artificial intelligence (AI) upstart as a | AI | The Hacker News |
| 28.2.26 | Identity-First AI Security: Why CISOs Must Add Intent to the Equation | AI agents now provision infrastructure and approve actions, but many inherit over-scoped privileges without proper governance. Token Security explains why CISOs must treat agents as identities and add intent-based controls so access is granted only when purpose and context align. | AI | |
| 28.2.26 | Arkanix Stealer pops up as short-lived AI info-stealer experiment | An information-stealing malware operation named Arkanix Stealer, promoted on multiple dark web forums towards the end of 2025, was likely developed as an AI-assisted experiment. | AI | |
| 26.2.26 | Claude Code Flaws Allow Remote Code Execution and API Key Exfiltration | Cybersecurity researchers have disclosed multiple security vulnerabilities in Anthropic's Claude Code, an artificial intelligence (AI)-powered coding | AI | The Hacker News |
| 24.2.26 | Anthropic Says Chinese AI Firms Used 16 Million Claude Queries to Copy Model | Anthropic on Monday said it identified "industrial-scale campaigns" mounted by three artificial intelligence (AI) companies, DeepSeek, Moonshot AI, and MiniMax, to illegally extract Claude's capabilities to improve their own models. | AI | The Hacker News |
| 22.2.26 | Amazon: AI-assisted hacker breached 600 Fortinet firewalls in 5 weeks | Amazon is warning that a Russian-speaking hacker used multiple generative AI services as part of a campaign that breached more than 600 FortiGate firewalls across 55 countries in five weeks. | AI | |
| 22.2.26 | PromptSpy is the first known Android malware to use generative AI at runtime | Researchers have discovered the first known Android malware to use generative AI in its execution flow, using Google's Gemini model to adapt its persistence across different devices. | AI | |
| 22.2.26 | AI platforms can be abused for stealthy malware communication | AI assistants like Grok and Microsoft Copilot with web browsing and URL-fetching capabilities can be abused to intermediate command-and-control (C2) activity. | AI | |
| 22.2.26 | AI-Assisted Threat Actor Compromises 600+ FortiGate Devices in 55 Countries | A Russian-speaking, financially motivated threat actor has been observed taking advantage of commercial generative artificial intelligence (AI) services | AI | The Hacker News |
| 21.2.26 | Anthropic Launches Claude Code Security for AI-Powered Vulnerability Scanning | Artificial intelligence (AI) company Anthropic has begun to roll out a new security feature for Claude Code that can scan a user's software codebase for | AI | The Hacker News |
| 21.2.26 | EC-Council Expands AI Certification Portfolio to Strengthen U.S. AI Workforce Readiness and Security | With $5.5 trillion in global AI risk exposure and 700,000 U.S. workers needing reskilling, four new AI certifications and Certified CISO v4 help close the gap | AI | The Hacker News |
| 21.2.26 | Microsoft says bug causes Copilot to summarize confidential emails | Microsoft says a Microsoft 365 Copilot bug has been causing the AI assistant to summarize confidential emails since late January, bypassing data loss prevention (DLP) policies that organizations rely on to protect sensitive information. | AI | |
| 20.2.26 | PromptSpy Android Malware Abuses Gemini AI to Automate Recent-Apps Persistence | Cybersecurity researchers have discovered what they say is the first Android malware that abuses Gemini, Google's generative artificial intelligence (AI) | AI | The Hacker News |
| 18.2.26 | AI in the Middle: Turning Web-Based AI Services into C2 Proxies & The Future Of AI Driven Attacks | Check Point Research (CPR) has discovered that certain AI assistants that support web browsing or URL fetching can be abused as covert command-and-control relays (“AI as a proxy”), allowing attacker traffic to blend seamlessly into legitimate, commonly permitted enterprise communications. | AI | CHECKPOINT |
| 17.2.26 | Microsoft Finds “Summarize with AI” Prompts Manipulating Chatbot Recommendations | New research from Microsoft has revealed that legitimate businesses are gaming artificial intelligence (AI) chatbots via the "Summarize with AI" button | AI | The Hacker News |
| 16.2.26 | Safe and Inclusive E‑Society: How Lithuania Is Bracing for AI‑Driven Cyber Fraud | Presentation of the KTU Consortium Mission ‘A Safe and Inclusive Digital Society’ at the Innovation Agency event ‘Innovation Breakfast: How Mission- | AI | The Hacker News |
| 15.2.26 | Claude LLM artifacts abused to push Mac infostealers in ClickFix attack | Threat actors are abusing Claude artifacts and Google Ads in ClickFix campaigns that deliver infostealer malware to macOS users searching for specific queries. | AI | |
| 14.2.26 | Fake AI Chrome extensions with 300K users steal credentials, emails | A set of 30 malicious Chrome extensions that have been installed by more than 300,000 users are masquerading as AI assistants to steal credentials, email content, and browsing information. | AI | |
| 14.2.26 | Google says hackers are abusing Gemini AI for all attack stages | Google Threat Intelligence Group (GTIG) has published a new report warning about AI model extraction/distillation attacks, in which private-sector firms and researchers use legitimate API access to systematically probe models and replicate their logic and reasoning. | AI | |
| 13.2.26 | Google Reports State-Backed Hackers Using Gemini AI for Recon and Attack Support | Google on Thursday said it observed the North Korea-linked threat actor known as UNC2970 using its generative artificial intelligence (AI) model Gemini to | AI | The Hacker News |
| 12.2.26 | Password guessing without AI: How attackers build targeted wordlists | Attackers don't need AI to crack passwords; they build targeted wordlists from an organization's own public language. This article explains how tools like CeWL turn websites into high-success password guesses and why complexity rules alone fall short. | AI | |
| 7.2.26 | AI Agent Identity Management: A New Security Control Plane for CISOs | Autonomous AI agents are creating a new identity blind spot as they operate outside traditional IAM controls. Token Security shows why managing the full lifecycle of AI agent identities is becoming a critical CISO priority. | AI | |
| 7.2.26 | UK privacy watchdog probes Grok over AI-generated sexual images | The United Kingdom's data protection authority launched a formal investigation into X and its Irish subsidiary over reports that the Grok AI assistant was used to generate nonconsensual sexual images. | AI | |
| 7.2.26 | French prosecutors raid X offices, summon Musk over Grok deepfakes | French prosecutors have raided X's offices in Paris on Tuesday as part of a criminal investigation into the platform's Grok AI tool, widely used to generate sexually explicit images. | AI | |
| 7.2.26 | Malicious MoltBot skills used to push password-stealing malware | More than 230 malicious packages for the personal AI assistant OpenClaw (formerly known as Moltbot and ClawdBot) have been published in less than a week on the tool's official registry and on GitHub. | AI | |
| 7.2.26 | U.S. convicts ex-Google engineer for sending AI tech data to China | A U.S. federal jury has convicted Linwei Ding, a former software engineer at Google, for stealing AI supercomputer data from his employer and secretly sharing it with Chinese tech firms. | AI | |
| 6.2.26 | Claude Opus 4.6 Finds 500+ High-Severity Flaws Across Major Open-Source Libraries | Artificial intelligence (AI) company Anthropic revealed that its latest large language model (LLM), Claude Opus 4.6, has found more than 500 previously | AI | The Hacker News |
| 3.2.26 | Viral Moltbot AI assistant raises concerns over data security | Security researchers are warning of insecure deployments in enterprise environments of the Moltbot (formerly Clawdbot) AI assistant, which can lead to leaking API keys, OAuth tokens, conversation history, and credentials. | AI | |
| 3.2.26 | AI Is Rewriting Compliance Controls and CISOs Must Take Notice | AI agents are now executing regulated actions, reshaping how compliance controls actually work. Token Security explains why CISOs must rethink identity, access, and auditability as AI becomes a digital employee. | AI | |
| 3.2.26 | Hackers hijack exposed LLM endpoints in Bizarre Bazaar operation | A malicious campaign is actively targeting exposed LLM (Large Language Model) service endpoints to commercialize unauthorized access to AI infrastructure. | AI | |
| 3.2.26 | Mozilla Adds One-Click Option to Disable Generative AI Features in Firefox | Mozilla on Monday announced a new controls section in its Firefox desktop browser settings that allows users to completely turn off generative artificial | AI | The Hacker News |
| 31.1.26 | Researchers Uncover Chrome Extensions Abusing Affiliate Links and Stealing ChatGPT Access | Cybersecurity researchers have discovered malicious Google Chrome extensions that come with capabilities to hijack affiliate links, steal data, and | AI | The Hacker News |
| 30.1.26 | Researchers Find 175,000 Publicly Exposed Ollama AI Servers Across 130 Countries | A new joint investigation by SentinelOne SentinelLABS and Censys has revealed that the open-source artificial intelligence (AI) deployment has | AI | The Hacker News |
| 29.1.26 | Fake Moltbot AI Coding Assistant on VS Code Marketplace Drops Malware | Cybersecurity researchers have flagged a new malicious Microsoft Visual Studio Code (VS Code) extension for Moltbot (formerly Clawdbot) on the | AI | The Hacker News |
| 27.1.26 | Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code | Cybersecurity researchers have discovered two malicious Microsoft Visual Studio Code (VS Code) extensions that are advertised as artificial intelligence | AI | The Hacker News |
| 26.1.26 | Winning Against AI-Based Attacks Requires a Combined Defensive Approach | If there's a constant in cybersecurity, it's that adversaries are always innovating. The rise of offensive AI is transforming attack strategies and | AI | The Hacker News |
| 26.1.26 | Konni Hackers Deploy AI-Generated PowerShell Backdoor Against Blockchain Developers | The North Korean threat actor known as Konni has been observed using PowerShell malware generated using artificial intelligence (AI) tools to target | AI | The Hacker News |
| 25.1.26 | Malicious AI extensions on VSCode Marketplace steal developer data | Two malicious extensions in Microsoft's Visual Studio Code (VSCode) Marketplace that were collectively installed 1.5 million times exfiltrate developer data to China-based servers. | AI | |
| 25.1.26 | What an AI-Written Honeypot Taught Us About Trusting Machines | AI-generated code can introduce subtle security flaws when teams over-trust automated output. Intruder shows how an AI-written honeypot introduced hidden vulnerabilities that were exploited in attacks. | AI | |
| 25.1.26 | Curl ending bug bounty program after flood of AI slop reports | The developer of the popular curl command-line utility and library announced that the project will end its HackerOne security bug bounty program at the end of this month, after being overwhelmed by low-quality AI-generated vulnerability reports. | AI | |
| 25.1.26 | Microsoft updates Notepad and Paint with more AI features | Microsoft is rolling out new artificial intelligence features with the latest updates to the Notepad and Paint apps for Windows 11 Insiders. | AI | |
| 25.1.26 | Chainlit AI framework bugs let hackers breach cloud environments | Two high-severity vulnerabilities in Chainlit, a popular open-source framework for building conversational AI applications, allow reading any file on the server and leaking sensitive information. | AI | |
| 25.1.26 | Gemini AI assistant tricked into leaking Google Calendar data | Using only natural language instructions, researchers were able to bypass Google Gemini's defenses against malicious prompt injection and create misleading events to leak private Calendar data. | AI | |
| 22.1.26 | Chainlit AI Framework Flaws Enable Data Theft via File Read and SSRF Bugs | Security vulnerabilities were uncovered in the popular open-source artificial intelligence (AI) framework Chainlit that could allow attackers to steal | AI | The Hacker News |
| 22.1.26 | Three Flaws in Anthropic MCP Git Server Enable File Access and Code Execution | A set of three security vulnerabilities has been disclosed in mcp-server-git, the official Git Model Context Protocol (MCP) server maintained by Anthropic, | AI | The Hacker News |
| 20.1.26 | Google Gemini Prompt Injection Flaw Exposed Private Calendar Data via Malicious Invites | Cybersecurity researchers have disclosed details of a security flaw that leverages indirect prompt injection targeting Google Gemini as a way to | AI | The Hacker News |
| 18.1.26 | OpenAI to Show Ads in ChatGPT for Logged-In U.S. Adults on Free and Go Plans | OpenAI on Friday said it would start showing ads in ChatGPT to logged-in adult U.S. users in both the free and ChatGPT Go tiers in the coming weeks, as the | AI | The Hacker News |
| 14.1.26 | ServiceNow Patches Critical AI Platform Flaw Allowing Unauthenticated User Impersonation | ServiceNow has disclosed details of a now-patched critical security flaw impacting its ServiceNow artificial intelligence (AI) Platform that could enable an unauthenticated user to | AI | The Hacker News |
| 11.1.26 | Hackers target misconfigured proxies to access paid LLM services | Threat actors are systematically hunting for misconfigured proxy servers that could provide access to commercial large language model (LLM) services. | AI | |
| 10.1.26 | New GoBruteforcer attack wave targets crypto, blockchain projects | A new wave of GoBruteforcer botnet malware attacks is targeting databases of cryptocurrency and blockchain projects on exposed servers believed to be configured using AI-generated examples. | AI | |
| 10.1.26 | In 2026, Hackers Want AI: Threat Intel on Vibe Hacking & HackGPT | Cybercriminals are increasingly using AI to lower the barrier to entry for fraud and hacking, shifting from skill-based to AI-assisted attacks known as "vibe hacking." Flare examines how underground forums promote AI tools, jailbreak techniques, and so-called "Hacking-GPT" services that promise ease rather than technical mastery. | AI | |
| 9.1.26 | How generative AI accelerates identity attacks against Active Directory | Generative AI is accelerating password attacks against Active Directory, making credential abuse faster and more effective. Specops Software explains how AI-driven cracking techniques exploit weak and predictable AD passwords. | AI | |
| 9.1.26 | Are Copilot prompt injection flaws vulnerabilities or AI limits? | Microsoft has pushed back against claims that multiple prompt injection and sandbox-related issues raised by a security engineer in its Copilot AI assistant constitute security vulnerabilities. The development highlights a growing divide between how vendors and researchers define risk in generative AI systems. | AI | |
| 9.1.26 | Agentic AI Is an Identity Problem and CISOs Will Be Accountable for the Outcome | As agentic AI adoption accelerates, identity is emerging as the primary security challenge. Token Security explains why AI agents behave like a new class of identity and why CISOs must manage their access, lifecycle, and risk. | AI | |
| 8.1.26 | OpenAI Launches ChatGPT Health with Isolated, Encrypted Health Data Controls | Artificial intelligence (AI) company OpenAI on Wednesday announced the launch of ChatGPT Health, a dedicated space that allows users to have conversations with the chatbot about | AI | The Hacker News |
| 7.1.26 | Two Chrome Extensions Caught Stealing ChatGPT and DeepSeek Chats from 900,000 Users | Cybersecurity researchers have discovered two new malicious extensions on the Chrome Web Store that are designed to exfiltrate OpenAI ChatGPT and DeepSeek conversations | AI | The Hacker News |
| 3.1.26 | The Real-World Attacks Behind OWASP Agentic AI Top 10 | OWASP's new Agentic AI Top 10 highlights real-world attacks already targeting autonomous AI systems, from goal hijacking to malicious MCP servers. Koi Security breaks down real-world incidents behind multiple categories, including two cases cited by OWASP, showing how agent tools and runtime behavior are being abused. | AI | |