Pulse

Check Point has identified a new ransomware campaign targeting outdated VPN protocols. These attacks are linked to ransomware operations and exploit vulnerabilities in older VPN systems. The cybersecurity firm is warning organizations to update their VPN infrastructure to prevent potential breaches. AI

A critical vulnerability has been discovered in LiteLLM, an open-source AI gateway. CVE-2026-42271 allows authenticated users to execute commands on the server, while a second, unauthenticated exploit also exists. Users are strongly advised to update LiteLLM immediately or restrict access to prevent potential security breaches. AI

Malware has been discovered targeting AI developers through GitHub repositories associated with Microsoft. This highlights the increasing importance of supply chain security in the software development process. The discovery underscores the need for vigilance against threats that exploit development environments. AI

Apple's upcoming macOS 27, codenamed "Golden Gate," is set to launch at WWDC 2026. The new operating system will feature significant advancements in artificial intelligence, enhanced safety protocols, and a redesigned user interface. This release marks a major step forward in Apple's integration of AI into its core products. AI

A new tool, the Anthropic LLM ATT&CK Navigator, has been developed to map the potential attack vectors and vulnerabilities associated with Anthropic's large language models. This navigator aims to provide a structured way to understand and visualize the threat landscape surrounding these AI systems, likely for cybersecurity professionals and researchers. AI

Microsoft's GitHub repositories were compromised through a malicious AI development tool, leading to the theft of authentication credentials. This incident highlights the systemic risks within open-source ecosystems, particularly concerning the security of AI development tools and the broader reliance on open-source software. AI

A new malware strain named Hades has been identified that is specifically designed to deceive AI-powered security systems. Threat actors are employing this sophisticated malware to evade detection by AI agents, posing a new challenge to cybersecurity defenses. The development highlights an escalating arms race between malicious actors and AI security tools. AI

Cloudflare is leveraging its own infrastructure to defend against advanced AI-powered cyber threats. The company is using its extensive network and security architecture as a testing ground, or "customer zero," to develop and deploy defenses against sophisticated attacks. This proactive approach aims to stay ahead of evolving cyber threats that utilize frontier AI models. AI

Apple's new AI features, branded as Apple Intelligence, include the ability to automatically change user passwords when a security breach is detected. This functionality aims to enhance user security by proactively managing compromised credentials. However, the move has raised concerns about potential risks and unintended consequences associated with AI handling sensitive security information. AI

Meta has removed facial recognition code from its Meta AI app, which supports its smart glasses, following a WIRED report. The company had embedded unreleased software, internally known as NameTag, designed to identify faces captured by the glasses and compare them against a database. Despite Meta's initial claims that the feature did not exist, the code was present in millions of devices before being stripped out in a subsequent update. AI

Microsoft's GitHub Copilot Enterprise has been found to contain a credential-stealing malware. This is the second time in weeks that a Microsoft product has been compromised with such malicious software. The vulnerability allows attackers to steal user credentials, posing a significant security risk. AI

The UK government plans to pilot AI legal assistants in England and Wales' crown courts to help reduce case backlogs. Deputy Prime Minister David Lammy will announce the initiative, which aims to save administrative time and expedite justice. However, legal professionals, including the Law Society, have cautioned that the technology should not be used to cut funding or staff, emphasizing the need for thorough evaluation and robust safeguards against AI hallucinations and fabricated case law. AI

A recent study has uncovered that large language models can unintentionally corrupt documents when tasked with editing. Researchers tested 19 LLMs, including advanced models like Gemini Pro and Claude Opus, and found that these models altered approximately 25% of content after 20 interactions. The study indicated that less capable models tend to delete content, while more sophisticated ones introduce plausible but incorrect information, with degradation increasing with larger context windows and complex file types. AI

Apple has introduced a new initiative called Private Cloud Compute (PCC) to enhance the privacy and security of AI processing. This system allows AI tasks to be performed on Apple devices rather than relying on external servers. PCC is designed to process sensitive user data locally, ensuring that information is not sent to the cloud and is protected by the device's security architecture. AI

Apple is integrating AI image generation and manipulation tools into its operating system, sparking debate about transparency and security. Critics argue that the lack of clear watermarking or indicators for AI-generated content undermines Apple's stated commitment to security and user trust. This move raises concerns about the potential for misuse and the blurring of lines between authentic and synthetic media. AI

Microsoft's AI packages have been compromised for the second time in recent weeks, with 73 packages containing a credential-stealing malware. This malicious software activates as soon as an AI agent opens the compromised packages. The discovery highlights a recurring vulnerability in the distribution of AI-related software components. AI

Microsoft's official open-source packages have been compromised for the second time in recent weeks, with malicious code designed to steal credentials being injected into 73 packages. This code activates when developers use AI coding agents to open the packages, potentially compromising systems by stealing tokens for cloud providers like AWS, Azure, and GCP, as well as password managers and developer tools. The attack, linked to threat actor TeamPCP and using malware known as Miasma, bypasses repository build pipelines by leveraging legitimate Microsoft OIDC tokens. AI

Microsoft has taken down numerous GitHub repositories related to its Azure and AI coding agents following a data breach. Hackers planted malware within these repositories, which, when opened by users of AI coding tools like Claude and Gemini, would harvest their credentials. Cybersecurity researchers and Microsoft have confirmed this incident, highlighting a significant security vulnerability. AI

Meta's AI support bot for Instagram has been exploited by attackers to gain unauthorized access to user accounts. The exploit involved tricking the bot into changing account email addresses, allowing hackers to take over high-profile accounts, including those associated with the White House and Sephora. Meta has since issued an emergency patch to address the vulnerability. AI

GitHub has taken down over 70 Microsoft repositories due to suspected infections by the Miasma worm. The worm compromised contributor accounts, allowing it to execute malicious code and target CI/CD pipelines. The attackers aimed to exfiltrate cloud secrets and developer tool configurations. AI

A new index catalogs publicly disclosed security incidents related to generative AI and agentic AI systems. Each incident is cross-referenced with established security frameworks like the OWASP LLM Top 10, OWASP Agentic Top 10, NIST AI RMF, and MITRE ATLAS. This resource aims to provide a structured overview of AI-specific security vulnerabilities and threats. AI

A critical vulnerability in the Zcash cryptocurrency has been discovered and successfully patched. The flaw, if exploited, could have had significant implications for users and the integrity of the blockchain. Security researchers have confirmed the fix, mitigating the risk of potential attacks. AI

Aviva has successfully prevented £233 million in fraudulent claims by employing AI algorithms to detect fake accident images. This initiative highlights the growing use of AI in the insurance sector to combat sophisticated fraud schemes. The company's efforts underscore the challenge of distinguishing real from fabricated evidence in the digital age. AI

Aviva is implementing an AI system to combat sophisticated insurance fraud. This new AI will analyze claims for digital evidence of fabricated accident scenes and forged documents. The goal is to identify and prevent fraudulent claims, which cost the company an estimated $230 million. AI

The German Research Center for Artificial Intelligence (DFKI) has released a new browser extension called Privacy Guardrail. This tool is designed to protect user privacy by acting as a safeguard for AI prompts entered directly into the browser. Currently, the extension is only available for Chrome-based browsers. AI

Attackers are reportedly exploiting AI support agents to gain unauthorized access to Meta accounts. This method requires the attacker to already possess the email address linked to the target Meta account. The vulnerability highlights a new vector for account compromise by manipulating AI-driven customer service systems. AI