Security Boulevard

Huntress, Microsoft Detail the Continued Popularity, Evolution of ClickFix Attacks

Microsoft, Huntress, and Intego this month detailed attacks that show the ongoing evolution of the highly popular compromise technique.
eWeek

OpenAI Just Showed That AI Can Drain a Crypto Wallet… on Purpose

Codex can exploit vulnerable crypto smart contracts 72% of the time, raising urgent questions about AI-powered cyber offense and defense.
Opinion

Opinion: Moltbook’s ‘vibe-coded’ breach is the future of security failures

Earlier this month, the now viral social network Moltbook exposed 1.5 million API authentication tokens and 35,000 email addresses within days of launch. The cause: a single misconfigured database ...
InfoWorld

WinterTC: Write once, run anywhere (for real this time)

The unified JavaScript runtime standard is an idea whose time has come. Here’s an inside look at the movement for server-side JavaScript interoperability.
InfoWorld

How to choose the best LLM using R and vitals

Use the vitals package with ellmer to evaluate and compare the accuracy of LLMs, including writing evals to test local models.
SecurityWeek

OpenClaw Security Issues Continue as SecureClaw Open Source Tool Debuts

OpenClaw faces security vulnerabilities and misconfiguration risks despite rapid patches and its transition to an OpenAI-backed foundation.

PromptSpy is the first Android malware to use generative AI at runtime

Researchers have discovered the first known Android malware to use generative AI in its execution flow, using Google's Gemini ...
Microsoft

Running OpenClaw safely: identity, isolation, and runtime risk

Self-hosted agents execute code with durable credentials and process untrusted input. This creates dual supply chain risk, ...
Decrypt

Morning Minute: OpenAI and Paradigm Turn Focus to Smart Contracts

OpenAI and Paradigm have released EVMbench—a framework for evaluating AI agents' ability to find vulnerabilities in Ethereum smart contracts.