ICE Has Spyware Now
Summary This WIRED security roundup reports that US Immigration and Customs Enforcement (ICE) will be able to obtain Paragon spyware after the Trump administration rescinded a Biden-era restriction. The piece…
Scammers Are Using Grok to Spread Malicious Links on X
Scammers Are Using Grok to Spread Malicious Links on X Summary Bad actors on X (formerly Twitter) are exploiting X’s AI assistant Grok to make malicious links clickable and widely…
Proof-of-Concept in 15 Minutes? AI Turbocharges Exploitation
Proof-of-Concept in 15 Minutes? AI Turbocharges Exploitation Summary An AI-powered offensive research pipeline developed by two Israeli security researchers — Nahman Khayet and Efi Weiss — can generate working proof-of-concept…
Anyone Using Agentic AI Needs to Understand Toxic Flows
Anyone Using Agentic AI Needs to Understand Toxic Flows Summary This Dark Reading piece explains why organisations adopting agentic AI must pay attention to “toxic flows” — dangerous interactions between…
Secretive MaaS Group ‘TAG-150’ Develops Novel ‘CastleRAT’
Secretive MaaS Group ‘TAG-150’ Develops Novel ‘CastleRAT’ Summary Researchers have mapped an emerging malware-as-a-service (MaaS) cluster labelled TAG-150 that centres on a loader and bespoke remote access Trojans (RATs) collectively…
Critical SAP S/4HANA Vulnerability Under Attack, Patch Now
Critical SAP S/4HANA Vulnerability Under Attack, Patch Now Summary A critical code-injection vulnerability in SAP S/4HANA, CVE-2025-42957 (CVSS 9.9), is being exploited in the wild. The flaw lets a low-privileged…
Critical, make-me-super-user SAP S/4HANA bug under active exploitation
Critical, make-me-super-user SAP S/4HANA bug under active exploitation Summary A critical code-injection vulnerability (CVE-2025-42957) in SAP S/4HANA — rated 9.9 — is being actively exploited. SecurityBridge Threat Research Labs, which…
The crazy, true story behind the first AI-powered ransomware
The crazy, true story behind the first AI-powered ransomware Summary A New York University engineering team built a proof-of-concept AI-driven ransomware they call Ransomware 3.0. The system uses large language…
Shell to pay: Crims invade your PC with CastleRAT malware, now in C and Python
Shell to pay: Crims invade your PC with CastleRAT malware, now in C and Python Summary A criminal crew called TAG-150 has developed CastleRAT in two flavours — a stealthy…
Boffins Build Automated Android Bug Hunting System
Boffins Build Automated Android Bug Hunting System Summary Researchers from Nanjing University and the University of Sydney have developed A2, an AI agent that automates discovery and validation of vulnerabilities…