OpenClaw, the AI assistant that lets users manage tasks through messaging apps, is facing serious security concerns after researchers uncovered malware hidden in user‑submitted skill add‑ons on its ClawHub marketplace. Over a short period, dozens of malicious skills and hundreds of malicious add‑ons were identified, many posing as cryptocurrency tools while stealing sensitive credentials. The creator, Peter Steinberger, has introduced new publishing safeguards, but the risk of malicious code remains a notable attack surface for users granting the assistant deep device access. Leer más →

Security researchers have uncovered a new method in which attackers use AI chatbots and search engines to deliver malicious commands. By prompting AI assistants to suggest terminal commands and then promoting those suggestions in search results, hackers can lure unsuspecting users into executing harmful code. Tests by Huntress showed the technique succeeded against both ChatGPT and Grok, allowing malware to be installed without traditional download or link clicks. The approach exploits user trust in familiar platforms and highlights the need for heightened caution when copying command‑line instructions from online sources. Leer más →

A Google analysis of five AI‑developed malware families shows they fail to work effectively and are readily identified by existing defenses. The report counters industry hype suggesting AI‑generated malware is a looming threat. While firms like Anthropic, ConnectWise, OpenAI and BugCrowd note increased accessibility of hacking tools via large language models, Google and OpenAI both report limited success and no breakthrough capabilities. The study also highlights a guard‑rail bypass attempt using a capture‑the‑flag scenario, prompting tighter safeguards. Overall, traditional malware tactics remain the dominant risk. Leer más →

A new research paper from University of California scholars demonstrates that high‑sensitivity gaming mice can capture acoustic vibrations from a desk, convert them into intelligible speech using signal‑processing techniques and artificial intelligence, and potentially be used for covert surveillance. The exploit, dubbed “Mic‑E‑Mouse,” requires a compromised PC and a mouse with DPI above 20,000. Tests showed a speaker‑recognition accuracy of about 80 percent, raising concerns about corporate espionage and personal privacy. Experts advise robust security practices to mitigate the risk. Leer más →

OpenAI reported that it has banned a China‑originated account that used ChatGPT to design a social‑media listening “probe” capable of crawling major platforms for politically, ethnically or religiously defined content. The company also blocked an account developing a “High‑Risk Uyghur‑Related Inflow Warning Model” for tracking individuals. These actions are part of a broader effort that uncovered Russian, Korean and Chinese developers refining malware, and networks in Cambodia, Myanmar and Nigeria creating scams with the AI. OpenAI estimates its model detects scams three times more often than it creates them, and it has disrupted influence campaigns in Iran, Russia and China. Leer más →

Security researchers have demonstrated a new technique that hides malicious instructions inside images uploaded to multimodal AI systems. The concealed prompts become visible after the AI downscales the image, allowing the model to execute unintended actions such as extracting calendar data. The method exploits common image resampling methods and has been shown to work against several Google AI products. Researchers released an open‑source tool, Anamorpher, to illustrate the risk and recommend tighter input controls and explicit user confirmations to mitigate the threat. Leer más →

Artificial intelligence is reshaping how developers build applications, delivering speed and automation across the software lifecycle. At the same time, AI tools are empowering threat actors to reverse‑engineer code, generate sophisticated malware, and exploit mobile apps at unprecedented scale. The convergence of rapid app deployment and AI‑enabled attacks is expanding the attack surface, prompting security professionals to embed protections such as runtime application self‑protection (RASP) and continuous testing directly into development pipelines. Leer más →

Security researchers at Proofpoint have identified a new variant of the open‑source infostealer known as Stealerium that automatically captures webcam photos and browser screenshots when a victim visits pornographic sites. The malware, distributed freely on GitHub by a developer calling themselves witchfindertr, steals typical data such as passwords and crypto keys while also adding a humiliating sextortion feature. Proofpoint observed the tool being used in phishing campaigns targeting hospitality, education and finance sectors. The discovery highlights a shift toward low‑profile, individual‑targeted extortion by cybercriminals. Leer más →

AegisAI, a new email security startup founded by former Google Safe Browsing and reCAPTCHA leaders Cy Khormaee and Ryan Luo, has emerged from stealth with a $13 million seed round co‑led by Accel and Foundation Capital. The company builds a network of autonomous AI agents that analyze every component of an email in real time to detect phishing, malware, and business‑email‑compromise threats. Early pilots in the United States and Europe have already added paying customers, and the team plans to expand its technical and go‑to‑market capabilities. Leer más →

Artificial intelligence is reshaping how developers build applications, delivering speed and automation across the software lifecycle. At the same time, AI tools are empowering threat actors to reverse‑engineer code, generate sophisticated malware, and exploit mobile apps at unprecedented scale. The convergence of rapid app deployment and AI‑enabled attacks is expanding the attack surface, prompting security professionals to embed protections such as runtime application self‑protection (RASP) and continuous testing directly into development pipelines. Leer más →

Artificial intelligence is reshaping how developers build applications, delivering speed and automation across the software lifecycle. At the same time, AI tools are empowering threat actors to reverse‑engineer code, generate sophisticated malware, and exploit mobile apps at unprecedented scale. The convergence of rapid app deployment and AI‑enabled attacks is expanding the attack surface, prompting security professionals to embed protections such as runtime application self‑protection (RASP) and continuous testing directly into development pipelines. Leer más →

Security researchers have demonstrated a new technique that hides malicious instructions inside images uploaded to multimodal AI systems. The concealed prompts become visible after the AI downscales the image, allowing the model to execute unintended actions such as extracting calendar data. The method exploits common image resampling methods and has been shown to work against several Google AI products. Researchers released an open‑source tool, Anamorpher, to illustrate the risk and recommend tighter input controls and explicit user confirmations to mitigate the threat. Leer más →

Security researchers have demonstrated a new technique that hides malicious instructions inside images uploaded to multimodal AI systems. The concealed prompts become visible after the AI downscales the image, allowing the model to execute unintended actions such as extracting calendar data. The method exploits common image resampling methods and has been shown to work against several Google AI products. Researchers released an open‑source tool, Anamorpher, to illustrate the risk and recommend tighter input controls and explicit user confirmations to mitigate the threat. Leer más →

Security researchers at Proofpoint have identified a new variant of the open‑source infostealer known as Stealerium that automatically captures webcam photos and browser screenshots when a victim visits pornographic sites. The malware, distributed freely on GitHub by a developer calling themselves witchfindertr, steals typical data such as passwords and crypto keys while also adding a humiliating sextortion feature. Proofpoint observed the tool being used in phishing campaigns targeting hospitality, education and finance sectors. The discovery highlights a shift toward low‑profile, individual‑targeted extortion by cybercriminals. Leer más →

Security researchers at Proofpoint have identified a new variant of the open‑source infostealer known as Stealerium that automatically captures webcam photos and browser screenshots when a victim visits pornographic sites. The malware, distributed freely on GitHub by a developer calling themselves witchfindertr, steals typical data such as passwords and crypto keys while also adding a humiliating sextortion feature. Proofpoint observed the tool being used in phishing campaigns targeting hospitality, education and finance sectors. The discovery highlights a shift toward low‑profile, individual‑targeted extortion by cybercriminals. Leer más →

AegisAI, a new email security startup founded by former Google Safe Browsing and reCAPTCHA leaders Cy Khormaee and Ryan Luo, has emerged from stealth with a $13 million seed round co‑led by Accel and Foundation Capital. The company builds a network of autonomous AI agents that analyze every component of an email in real time to detect phishing, malware, and business‑email‑compromise threats. Early pilots in the United States and Europe have already added paying customers, and the team plans to expand its technical and go‑to‑market capabilities. Leer más →

AegisAI, a new email security startup founded by former Google Safe Browsing and reCAPTCHA leaders Cy Khormaee and Ryan Luo, has emerged from stealth with a $13 million seed round co‑led by Accel and Foundation Capital. The company builds a network of autonomous AI agents that analyze every component of an email in real time to detect phishing, malware, and business‑email‑compromise threats. Early pilots in the United States and Europe have already added paying customers, and the team plans to expand its technical and go‑to‑market capabilities. Leer más →

Artificial intelligence is reshaping how developers build applications, delivering speed and automation across the software lifecycle. At the same time, AI tools are empowering threat actors to reverse‑engineer code, generate sophisticated malware, and exploit mobile apps at unprecedented scale. The convergence of rapid app deployment and AI‑enabled attacks is expanding the attack surface, prompting security professionals to embed protections such as runtime application self‑protection (RASP) and continuous testing directly into development pipelines. Leer más →

Security researchers at Proofpoint have identified a new variant of the open‑source infostealer known as Stealerium that automatically captures webcam photos and browser screenshots when a victim visits pornographic sites. The malware, distributed freely on GitHub by a developer calling themselves witchfindertr, steals typical data such as passwords and crypto keys while also adding a humiliating sextortion feature. Proofpoint observed the tool being used in phishing campaigns targeting hospitality, education and finance sectors. The discovery highlights a shift toward low‑profile, individual‑targeted extortion by cybercriminals. Leer más →

AegisAI, a new email security startup founded by former Google Safe Browsing and reCAPTCHA leaders Cy Khormaee and Ryan Luo, has emerged from stealth with a $13 million seed round co‑led by Accel and Foundation Capital. The company builds a network of autonomous AI agents that analyze every component of an email in real time to detect phishing, malware, and business‑email‑compromise threats. Early pilots in the United States and Europe have already added paying customers, and the team plans to expand its technical and go‑to‑market capabilities. Leer más →