The Hacker News

Claude Code Flaws Allow Remote Code Execution and API Key Exfiltration

Claude Code flaws allow remote code execution and API key theft via untrusted repositories; three bugs fixed across 2025–2026 ...
Computerworld

One click is all it takes: How ‘Reprompt’ turned Microsoft Copilot into a data exfiltration tool

AI copilots are incredibly intelligent and useful — but they can also be naive, gullible, and even dumb at times. A new one-click attack flow discovered by Varonis Threat Labs researchers underscores ...
CSO Online

Steaelite RAT combines data theft and ransomware management capability in one tool

The Android ransomware module on the tool’s roadmap extends this further, says the report. “If the developer delivers [the ransomware module], a single Steaelite licence could cover both corporate ...
Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...
Business Wire

Coveware by Veeam Reveals Q2 2025 Ransomware Surge: Social Engineering and Data Exfiltration Drive Record Payouts

SEATTLE--(BUSINESS WIRE)--Coveware by Veeam ®, the leading authority in ransomware response and cyber extortion trends, today unveiled its Q2 2025 ransomware report, spotlighting a dramatic escalation ...
CSOonline

One click is all it takes: How ‘Reprompt’ turned Microsoft Copilot into data exfiltration tools

AI copilots are incredibly intelligent and useful — but they can also be naive, gullible, and even dumb at times. A new one-click attack flow discovered by Varonis Threat Labs researchers underscores ...