Malicious npm package steals WhatsApp accounts and messages
A malicious package in the Node Package Manager (NPM) registry poses as a legitimate WhatsApp Web API library to steal WhatsApp messages, collect contacts, and gain access to the account.
ΑΙ Cybersec Space
DIG AI: Darknet AI assistant aids criminals and terrorists
['Resecurity has identified the emergence of uncensored darknet AI assistants. These tools enable threat actors to leverage advanced data processing capabilities for malicious purposes. One such assistant, named DIG AI, was identified on September 29 of this year. It has already gained popularity among cybercriminal and organized crime circles.', 'During Q4 2025, our HUNTER team observed a notable increase in malicious actors utilizing DIG AI. This acceleration occurred during the Winter Holidays, a period when illegal activity worldwide reached a peak. The post originally appeared on Help Net Security.']
Anubis: Open-source AI firewall protects websites from scraper bots.
Anubis is an open-source tool designed to protect websites from automated scraping and abusive traffic by adding computational friction before a...
Cisco zero-day exploited, Kali Linux 2025.4 released: A security week in review.
This overview presents some of last week’s most interesting news, articles, interviews, and videos. Researchers are teaching AI agents to ask for...
Instacart to refund $60M for deceptive subscription tactics, FTC announces
Grocery delivery service Instacart will refund $60 million to settle FTC claims that it misled customers with false advertising and unlawfully...
AI systems need partitioned threat models, not a single risk approach.
In a Help Net Security interview, Naor Penso, CISO at Cerebras Systems, explains how to threat model modern AI stacks. He emphasizes avoiding a...
NIS2 Compliance: Mastering Passwords and MFA for Stronger Security
NIS2 puts identity and access controls under the spotlight, with weak passwords and poor authentication now a compliance risk. Specops Software...
Apiiro AI SAST uses deep code analysis to eliminate false positives.
Apiiro introduced Apiiro AI SAST, a new approach to static application security testing (SAST). It automates code risk detection, validation, and...
AppGate secures AI workloads with zero trust and Agentic AI Core Protection
AppGate announced the launch of Agentic AI Core Protection, a new capability within AppGate ZTNA. It is designed to secure AI workloads deployed...
Concentric AI expands Private Scan Manager with Azure for regulated industries
Concentric AI announced expanded Private Scan Manager functionality in its Semantic Intelligence data security governance platform. Customers now...
AI access: A civil right across generations?
AI use is expanding faster than its supporting infrastructure. This growing gap is becoming critical for security, resilience, and access. A new...
Amazon warns of cryptomining campaign using hacked AWS accounts
Amazon's AWS GuardDuty security team is warning of an ongoing crypto-mining campaign that targets its Elastic Compute Cloud (EC2) and Elastic...
Microsoft urges IT admins to fix Windows IIS failures
Microsoft has asked businesses to reach out for advice on how to temporarily mitigate a Message Queuing (MSMQ) issue causing enterprise apps and...
Hadrian's AI exposes vulnerabilities proactively, preventing attacks.
Hadrian launched its offensive Agentic AI Platform, designed to find external exposures and test them for exploitability. This platform takes a...
Vectra AI redefines hybrid resilience across attack lifecycle
Vectra AI redefines hybrid attack resilience across the full attack lifecycle by unifying controls pre-and-post compromise within the Vectra AI...
AI rapidly changes security landscape, challenging traditional playbooks
AI has moved into enterprise operations faster than many security programs expected. It is embedded in workflows, physical systems, and core...
European authorities dismantle Ukraine call center fraud ring
European law enforcement authorities dismantled a fraud network operating call centers in Ukraine that scammed victims across Europe out of more...
Telehealth's messy data trails: A growing security nightmare for patient information.
In a Help Net Security interview, Scott Bachand, CIO/CISO at Ro, discusses telehealth's impact. He explains how it reshapes patient data flow and...
AI could enhance phishing resilience through improved user training
Phishing remains a primary tactic for attackers. Therefore, even minor improvements in user training are significant. A recent University of Bari...
AI agents learn to ask for permission correctly
People are increasingly entrusting AI agents with decisions, from booking travel to organizing digital files. The concept seems straightforward:...
Europe's DMA sparks mobile ecosystem security concerns
Mobile security has long depended on tight control over how apps and services interact with a device. A new paper from the Center for...
PayPal subscriptions abused for fake purchase emails scam
An email scam is abusing PayPal's "Subscriptions" billing feature to send legitimate PayPal emails that contain fake purchase notifications...
ImmuniWeb boosts AI vulnerability testing and compliance reporting
ImmuniWeb has unveiled a major update to its ImmuniWeb AI Platform, based on ongoing research as well as valuable feedback from customers and...
Brave browser tests agentic AI for automated tasks
Brave has introduced a new AI browsing feature that leverages Leo, its privacy-respecting AI assistant, to perform automated tasks for the user.
Thales enhances AI ecosystem protection with new security tools
AI is one of the fastest-growing technologies in modern business history. It can revolutionize industries, optimize operations, and drive...
Black Duck Signal uses LLM AI for code and supply chain risk
Black Duck launched Signal, an agentic AI solution designed to secure software at the speed of AI-powered development. This transformative tool...
LLM vulnerability patching skills still limited, study finds
Security teams are wondering if LLMs can help speed up patching. A new study tests this idea, showing where the tools succeed and where they fail....
Tuta: Secure, Encrypted, Private Email Service Showcase
Tuta, formerly known as Tutanota, is built for anyone who wants email that stays private. Instead of treating encryption like a bonus feature, the...
Teamwork failing, security feels impact as AI spreads, study reveals
Security leaders often track threats in code, networks, and policies. However, a quieter risk is emerging within the daily operations of teams....
Microsoft Teams to warn IT admins of suspicious external domain traffic
Microsoft is working on a new Teams security feature that will analyze suspicious traffic with external domains to help IT administrators tackle...
10,000+ Docker Hub images leaking credentials and authentication keys
More than 10,000 Docker Hub container images expose data that should be protected, including live credentials to production systems, CI/CD...