The Hacker News

New Gaslight macOS Malware Uses Prompt Injection to Disrupt AI-Assisted Analysis

SentinelOne details Gaslight, a Rust-based macOS implant linked to North Korea-aligned actors that uses prompt injection to ...
cryptopolitan

Microsoft, Google patch flaws as Cordyceps spread across open-source repositories

Security researchers at Novee found over 300 exploitable CI/CD workflow chains across repositories belonging to Microsoft, Google, Apache, Cloudflare, and the Python Software Foundation. The flaws ...

LastPass data breach confirmed: Everything we know so far

Hackers used a backdoor through a little-known third-party app to steal LastPass customer data.
Infosecurity Magazine

macOS Backdoor Uses Prompt Injection to Evade AI Triage

A North Korea-linked macOS backdoor has been caught hiding a prompt injection that targets malware analyst's AI tools, rather ...
Microsoft

StealC and Amadey: Breaking down infostealers and the cybercrime services that deliver them

On June 24, 2026, Microsoft’s Digital Crimes Unit (DCU) facilitated the takedown, suspension, and blocking of domains that ...
InfoWorld

AI coding token costs are on track to rival human payroll

Growing use of coding agents and consumption-based pricing models could push per-developer AI spending to unprecedented ...
CSO Online

Klue breach exposed Salesforce CRM data through stolen OAuth tokens

An attacker broke into competitive-intelligence vendor Klue, stole OAuth tokens its customers use to connect to Salesforce ...
Tech Times

Embodied AI World Models Attracted $6 Billion, But the LLM Parallel May Not Hold

Embodied AI world models drew $6 billion in Q1 2026 alone, but new analysis from Fusion Fund investors argues the LLM scaling ...
The Hacker News

Salesforce Disables Klue App Integration After OAuth Token Abuse Exposes Customer Data

Salesforce disabled Klue Battlecards integration after attackers used compromised OAuth tokens to access customer CRM data ...
DataBreachToday

Attackers Steal Salesforce Data From Klue Battlecards Users

Salesforce disabled connections to its customer relationship management environment from third-party app Klue Battlecards as ...
Dark Reading

Salesforce Data Thefts Continue via Klue App Compromise

More Salesforce instances have been breached by threat actors abusing a third-party application integration, this time through Klue's Battlecards app. The attacks, which are the latest in a series of ...