Dubbed InstallFix by Push Security, the scheme inserts instructions to download malware during the Claude Code install process on cloned websites.

Threat actors are operationalizing AI to scale and sustain malicious activity, accelerating tradecraft and increasing risk for defenders, as illustrated by recent activity from North Korean groups ...

VOID#GEIST malware campaign delivers XWorm, AsyncRAT, and Xeno RAT using batch scripts, Python loaders, and explorer.exe injection.

Threat actors are employing a new variation of the ClickFix social engineering technique called InstallFix to convince users into running malicious commands under the pretext of installing legitimate ...

A China-linked advanced persistent threat actor tracked as UAT-9244 has been targeting telecommunication service providers in South America since 2024, compromising Windows, Linux, and network-edge ...

All the nation-state hackers are vibe coding. Vibeware won't win any coding awards. It's not pretty. It doesn't target any ...

Source Code Exfiltration in Google Antigravity‍TL;DR: We explored a known issue in Google Antigravity where attackers can silently exfiltrate proprietary source codeBy hiding malicious instructions ...

Error logs and GitHub pull requests hint at GPT-5.4 quietly rolling out in Codex, signaling faster iteration cycles and continuous AI model deployment.

Vibe coding is a natural language-driven, AI-assisted way to build software. Instead of writing every line of code by hand, you describe what you want via natural language prompts to an agentic AI ...

The phishing expedition targets government and public-sector organizations, according to a Monday report from Redmond's ...

OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users ...

North Korean-linked campaign publishes 26 malicious npm packages hiding C2 in Pastebin, deploying credential stealers & RAT ...