Anyone Using Agentic AI Needs to Understand Toxic Flows
Anyone Using Agentic AI Needs to Understand Toxic Flows Summary Businesses are racing to deploy agentic AI as a productivity lifeline, but security researchers warn of a new class of…
Secretive MaaS Group ‘TAG-150’ Develops Novel ‘CastleRAT’
Secretive MaaS Group ‘TAG-150’ Develops Novel ‘CastleRAT’ Summary Researchers have mapped a young malware-as-a-service (MaaS) cluster labelled TAG-150 that revolves around a loader dubbed CastleLoader and a broader service called…
Scammers Are Using Grok to Spread Malicious Links on X
Scammers Are Using Grok to Spread Malicious Links on X Summary Bad actors on X are exploiting the platform’s native AI assistant, Grok, to amplify malicious links in promoted posts…
Critical SAP S/4HANA Vulnerability Under Attack, Patch Now
Critical SAP S/4HANA Vulnerability Under Attack, Patch Now Summary A critical code-injection vulnerability (CVE-2025-42957) in SAP S/4HANA that earned a 9.9 CVSS score is being exploited in the wild. The…
Qantas penalizes executives for July cyberattack
Qantas penalises executives for July cyberattack Summary Senior leaders at Qantas have had their 2024/25 short-term bonuses cut by 15 percentage points after a July cyberattack that exposed the personal…
CISA orders federal agencies to patch Sitecore zero-day following hacking reports
CISA orders federal agencies to patch Sitecore zero-day following hacking reports Summary Sitecore published an advisory about CVE-2025-53690, a vulnerability tied to the use of a sample ASP.NET machine key…
Critical, make-me-super-user SAP S/4HANA bug under active exploitation
Summary A critical code-injection vulnerability in SAP S/4HANA (CVE-2025-42957) is being actively exploited. The flaw, scored 9.9, lets a low-privileged user inject arbitrary ABAP code, bypass authorisation checks and effectively…
The crazy, true story behind the first AI-powered ransomware
The crazy, true story behind the first AI-powered ransomware Summary A team of researchers at New York University built a proof-of-concept called “Ransomware 3.0” to explore whether large language models…
Shell to pay: Crims invade your PC with CastleRAT malware, now in C and Python
Shell to pay: Crims invade your PC with CastleRAT malware, now in C and Python Summary Recorded Future has uncovered two variants of CastleRAT from the TAG-150 crime group: a…
Boffins Build Automated Android Bug Hunting System
Boffins Build Automated Android Bug Hunting System Summary Researchers from Nanjing University and the University of Sydney have developed an AI-powered agent, dubbed A2, that automates vulnerability discovery and validation…