A North Korea-nexus threat actor compromised the widely used axios npm package, delivering a cross-platform remote access ...

It is exactly this backdoor that had Google conclude this was a North Korea-sponsored campaign. GTIG said WAVESHAPER.V2 is an ...

North Korean hackers published backdoored versions of the Axios NPM package using a compromised long-lived access token.

Up to four npm packages on Axios were replaced with malicious versions, in one of the most sophisticated supply chain attacks ...

Claude extension flaw allowed zero click attacks, letting hackers inject commands and access sensitive user data.

Claude extension flaw enabled silent prompt injection via XSS and weak allowlist, risking data theft and impersonation until ...

The OWASP Top 10 for LLM Applications is the most widely referenced framework for understanding these risks. First released in 2023, OWASP updated the list in late 2024 to reflect real-world incidents ...

This critical Chrome browser vulnerability lets malicious extensions spy on your PC ...

Abstract: False data injection attacks are commonly used to evade the bad data detector in cyber-physical power systems. This paper proposes an extended attack strategy and a deep reinforcement ...

Deepfakes are evolving and are no longer confined to misinformation campaigns or viral media manipulation. Most security teams already understand the deepfake problem; however, the more urgent shift ...

Microsoft has implemented and continues to deploy mitigations against prompt injection attacks in Copilot, the company announced last week. Spammers were using the "Summarize with AI" type of buttons ...