We report an exploratory red-teaming study of autonomous language-model-powered agents deployed in a live laboratory environment with persistent memory, email accounts, Discord access, file...

Credential exposure intelligence with fast detection, scoring, and remediation workflows.

Independent technical analysis of a Chrome extension compromise, fake update chain, and Windows-stage malware activity.

Cybersecurity researchers have uncovered a new malware distribution campaign in which attackers impersonate legitimate command-line installation guides for developer tools. The campaign uses a...

A practical, community-maintained security checklist for teams building and deploying Model Context Protocol (MCP) servers and AI agent infrastructure.

An autonomous AI agent found a SQL injection in McKinsey's Lilli AI platform. What it extracted was worse than we expected.

MCP Security Checklist, Sentinel MCP scanner, and Unpinched PinchTab detector. Three open-source tools for securing AI agent pipelines and agentic browser infrastructure.

InferShield: Secure OAuth authentication for AI workflows

The Sri Krishna College of Engineering and Technology (SKCET) in India made elementary mistakes in web app security.

GitHub Security Lab Taskflow Agent is very effective at finding Auth Bypasses, IDORs, Token Leaks, and other high-impact vulnerabilities.

DID-based cryptographic identity for AI agents. Register once, authenticate everywhere.

Acronis Threat Research Unit (TRU) has identified a targeted campaign distributing a trojanized version of the Red Alert rocket warning Android app to Israeli users via SMS messages impersonating official Home Front Command communications

Mac users searching for a trusted system optimization tool are being targeted in a new malware campaign that impersonates the popular macOS utility CleanMyMac. Security researchers warn that a...

Dutch intelligence agencies have issued a warning about an ongoing cyber campaign in which Russia-linked hackers are attempting to compromise accounts on popular encrypted messaging platforms....

Security researchers have uncovered a sophisticated mobile spyware campaign targeting Israeli users through fraudulent SMS messages impersonating Israel’s Home Front Command. The operation...

Cybersecurity researchers have uncovered a sophisticated phishing campaign that exploits a rarely monitored part of the internet’s core infrastructure. Threat actors are abusing the special-use…

This is Part 2 of my Pangle SDK research. Part 1 covered how I broke the encryption. This post covers what I found when I started comparing the decrypted data across apps.

In Part 1, I decrypted 694 Pangle SDK payloads and documented what ByteDance collects:…

An autonomous AI agent found a SQL injection in McKinsey's Lilli AI platform. What it extracted was worse than we expected.