Dark Reading

TeamPCP Turns Cloud Infrastructure Into Crime Bots

The threat actor has been compromising cloud environments at scale with automated worm-like attacks on exposed services and ...
Microsoft

New Clickfix variant ‘CrashFix’ deploying Python Remote Access Trojan

CrashFix crashes browsers to coerce users into executing commands that deploy a Python RAT, abusing finger.exe and portable Python to evade detection and persist on high‑value systems.
The Hacker News

Critical n8n Flaw CVE-2026-25049 Enables System Command Execution via Malicious Workflows

Critical n8n v CVE-2026-25049 allows authenticated workflow abuse to execute system commands and expose server data.
InfoQ

GitHub Copilot SDK Lets Developers Integrate Copilot CLI's Engine into Apps

Now available in technical preview on GitHub, the GitHub Copilot SDK lets developers embed the same engine that powers GitHub ...
Microsoft

Manipulating AI memory for profit: The rise of AI Recommendation Poisoning

That helpful “Summarize with AI” button? It might be secretly manipulating what your AI recommends. Microsoft security researchers have discovered a growing trend of AI memory poisoning attacks used ...