Talos details ARToken, a PhaaS panel tied to EvilTokens that supports device code phishing, BEC workflows, SharePoint theft, ...
Multiple threat actors are abusing the GitHub API to discover organizations’ repositories and members via ghost accounts.
Zscaler found attackers using SEO poisoning and hidden prompts in malicious websites to manipulate AI agents into making cryptocurrency payments.
My local LLM can access my emails easily, and without flooding the context window.
Indirect prompt injection attacks are now draining cryptocurrency from AI agents in production. Zscaler ThreatLabz documented ...
Anthropic accuses Alibaba of using 25,000 fake accounts to scrape Claude AI The alleged campaign generated 28.8 million queries in a large-scale model-extraction effort to replicate AI capabilities.