Research
-
Researchers show TrojPix air-gap attack can leak data at 8.1 Mbps
Researchers at Shandong University say a new air-gap attack called TrojPix can leak data from isolated computers through video cable emissions, reaching 8.1 Mbps in tests and a separate maximum range of 208 meters.
-
Researchers flag Java-based QuimaRAT malware sold as a cross-platform MaaS tool
Researchers have identified QuimaRAT, a Java-based cross-platform remote access trojan sold as malware-as-a-service for Windows, Linux and macOS. The modular toolset includes a builder, loader and dropper, with subscriptions starting at $150 a month.
-
Opera GX flaw let sites silently install mod and leak data
Researchers found an Opera GX flaw that let a malicious site silently install a mod and leak data from pages a victim visited. Opera says it patched the issue and found no evidence of abuse in the wild.
-
Study says AI coding agent skill scanners can be evaded with simple cloaking tricks
Researchers say scanners for malicious AI coding agent skills can be bypassed with simple cloaking tricks, with one method evading every scanner tested more than 90% of the time. A runtime checker caught most hidden threats in tests.
-
U.S. county linked to $1 million payment in data theft extortion case
A case study linked a $1 million payment to a U.S. government entity after stolen files were threatened with release. The report pointed to Union County, Ohio, and described a data theft extortion scheme with no evidence of encryption.
-
Sysdig says AI agent ran ransomware attack through patched Langflow flaw
Sysdig says an AI agent carried out a ransomware attack from start to finish after exploiting a patched Langflow flaw, stealing credentials and encrypting a production database. The report says the case shows how exposed software and weak defaults can be chained automatically.
-
Ransomware groups use Citrix flaw, stolen VPN logins and supply chain credentials
Ransomware crews tied to Anubis, The Gentlemen, VECT and TeamPCP are using Citrix exploitation, valid VPN credentials, BYOVD techniques and supply chain access to break into targets and move through networks.
-
MeetingTV sues Palo Alto Networks over Koi Security report that linked startup to espionage campaign
MeetingTV has sued Palo Alto Networks and Koi Security over a threat-intelligence blog that linked the startup to Chinese espionage. The company says the report was AI-driven, inaccurate and led to blocks on its domains.
-
Hackers exploit Langflow flaw to push Monero miner in March-April campaign
Hackers exploited a critical Langflow remote code execution flaw over a 19-day period in March and April 2026 to deploy a Monero miner, disable security tools and spread to other hosts, according to a technical analysis from Trend Micro.
-
Malicious browser extension campaign steals crypto by swapping wallet addresses
McAfee Labs said a June campaign called Silent Swap uses malicious browser extensions to swap cryptocurrency wallet addresses in the clipboard, while a separate Socket disclosure found fake VPN extensions stealing sensitive data.







