Lucy Green

Microsoft researchers flagged a counterfeit Perplexity Chrome extension that piped queries and omnibox input to an attacker server before completing the search.

Malicious instructions buried in a repository's files can hijack Anthropic's Claude Code agent and open a backdoor on the developer's own machine — no obvious malware required.

The fintech firm's engineering-security team overhauled how developers request and receive system access. The goal: speed without sacrificing control.

The arrival of capable AI models like Mythos changes attacker economics. It doesn't change which controls actually matter — and most organizations are still failing the old ones.

A major revision to the Model Context Protocol repositions itself as enterprise-ready — then quietly offloads the hard security work onto the teams building on top of it.

California Water Service brought in Mandiant after Handala threatened disruption. Investigators found no evidence the group ever touched operational technology.

Most SOC 2 and ISO 27001 reports audit a curated version of history, not operational reality. A federal cloud-security overhaul is forcing the question nobody wanted to answer: does passing audits actually mean anything?

A high-severity kernel-level flaw in Samsung's KNOX security framework affected Galaxy handsets from the S9 through the S25 — a product window spanning nearly a decade.

GitHub introduces actions/checkout v7 to block insecure pull request workflows.

A heap over-read disclosed by Calif.io exposes other users' requests — credentials and session tokens included — to anyone permitted to send traffic through the same proxy.

Brazil, Indonesia, Singapore and Thailand are the first markets where unverified developers lose the right to install apps on certified Android devices, sideload or not.

Researchers say the malware skips the usual DDoS playbook and instead builds infrastructure for pre-breach reconnaissance.

Microsoft researchers describe an exploit chain that turns an agentic browser into a one-click path from web page to host process execution.

Russian-speaking operators are working through internet-exposed Fortinet appliances at scale. CISA wants admins moving now.

Orphaned AI agents and standing privileges are accumulating across enterprise environments. Most security teams can't tell you who authorized them — or revoke them quickly when they go wrong.