Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit

New Russian-Linked GREYVIBE Targets Ukraine with AI-Powered Cyberattacks

What 2,000 Exposed Vibe-Coded Apps Reveal About the Limits of Most Security Stacks

Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets

Kimsuky Deploys HTTPSpy, Expands Arsenal with HelloDoor and VS Code Tunnels

Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code

Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer

Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal

ThreatsDay Bulletin: Claude Security Plugin, Azure Priv-Esc, Kali365 MFA Bypass, FIFA Scams +15 More

New AI Usage Report: Enterprise AI Risk Is Heavily Concentrated Among a Small Group of AI "Power users"