News

Cyber Security News
cyberpress.org > dom-poisoning-targets-ai-agents

Malicious Websites Hide Prompt Instructions in DOM to Poison AI Agent Decision-Making

7+ hour, 45+ min ago  (384+ words) Threat actors are turning web content into a new attack surface to target artificial intelligence workflows. Much like human users face phishing attacks, AI agents are increasingly vulnerable to Indirect Prompt Injection (IPI). Attackers embed malicious instructions directly into a…...

Cyber Security News
cyberpress.org > claude-cowork-flaw

Claude Cowork Flaw Lets Attackers Escape Bubblewrap Sandbox and Gain Root Access

4+ hour, 31+ min ago  (709+ words) A newly disclosed sandbox escape chain in Anthropic's Claude Cowork for Windows allows an attacker with local code execution to obtain root access inside the product's isolated Ubuntu VM and bypass its network egress restrictions entirely. Claude Cowork, a component…...

Cyber Security News
cyberpress.org > pamstealer-macos-infostealer

Pam Stealer macOS Infostealer Uses Rust Payload to Validate and Steal Passwords

7+ hour, 9+ min ago  (471+ words) A newly discovered macOS infostealer, dubbed Pam Stealer, disguises itself as the popular open-source clipboard manager Maccy while quietly harvesting credentials, browser data, and clipboard contents through a two-stage attack chain. Researchers at Jamf Threat Labs traced the malware's…...

Cyber Security News
cyberpress.org > alibaba-ban-claude-code-alleged-backdoor

Alibaba to Ban Claude Code at Work Over Alleged Backdoor Security Risks

5+ hour, 53+ min ago  (454+ words) Alibaba will reportedly ban the use of Anthropic's Claude Code across its workplace environments starting July 10, following allegations that the AI coding assistant contains a covert backdoor-like mechanism. The decision, first reported by Yicai and later confirmed by Reuters through…...

Cyber Security News
cyberpress.org > polinrider-supply-chain-attack

North Korea-Linked Polin Rider Campaign Hits 108 Open Source Packages and Extensions

11+ hour, 45+ min ago  (442+ words) The North Korea-linked Polin Rider supply chain campaign is rapidly expanding its reach across developer ecosystems. Originally targeting the npm registry, threat actors associated with the Contagious Interview and Famous Chollima activity clusters have now infected 108 unique open-source projects. Security…...

Cyber Security News
cyberpress.org > teampcp-supply-chain-risk

FBI Warns TeamPCP Supply Chain Campaign Puts Developer Environments and Cloud Credentials at Risk

11+ hour, 1+ min ago  (327+ words) In 2026, the FBI issued a critical warning regarding a massive software supply chain campaign orchestrated by the threat group TeamPCP. By weaponizing these entry points, the threat actors successfully introduced malicious code into victim environments at an unprecedented scale....

Cyber Security News
cyberpress.org > veildrop-purelog-memory-attack

VEIL#DROP PowerShell Loader Abuses Blogspot to Deploy Pure Log Stealer in Memory

11+ hour, 15+ min ago  (297+ words) A sophisticated multi-stage malware delivery framework dubbed VEIL#DROP has emerged as a significant threat to enterprise environments by leveraging trusted cloud infrastructure and native operating system components to deploy the Pure Log Stealer entirely in memory. The campaign begins…...

Cyber Security News
cyberpress.org > google-disrupts-netnut-residential-proxy-network

Google Disrupts NetNut Residential Proxy Network Linked to Malware C2 Abuse

12+ hour, 19+ min ago  (482+ words) Google, in coordination with the FBI, Lumen, and other industry partners, has taken action to dismantle the NetNut residential proxy network, also tracked as Popa. The operation builds on Google's January 2026 disruption of the IPIDEA proxy network and marks…...

Cyber Security News
cyberpress.org > sharkloader-in-memory-beacon-attack

Shark Loader Malware Deploys Cobalt Strike Beacon Through Stealthy In-Memory Execution

11+ hour, 33+ min ago  (398+ words) Researchers have discovered a highly evasive malware loader, Shark Loader, that deploys Cobalt Strike Beacons directly into system memory. A threat cluster known as Strike Shark is currently using this undocumented tool to breach networks across multiple industries worldwide. Strike…...

Cyber Security News
cyberpress.org > dropbox-tunnels-deliver-asyncrat

Hackers Use Dropbox URLs and TryCloudflare Tunnels to Deliver AsyncRAT Malware

1+ day, 4+ hour ago  (381+ words) A sophisticated AsyncRAT malware campaign is exploiting legitimate services to bypass detection. Threat actors are using Dropbox URLs and TryCloudflare Quick Tunnels to deliver malicious Python packages to unsuspecting victims. This campaign highlights a growing trend of attackers weaponizing…...