SecurityTicks

AI-Powered App Attacks Are Faster, More Frequent and Harder to Stop

Application Security, Artificial Intelligence /

AI-Powered App Attacks Are Faster, More Frequent and Harder to Stop 2026-05-20 at 17:48 By Kevin Townsend Digital.ai’s latest threat report warns that agentic AI has erased the distinction between emerging and primary targets, enabling attackers to strike mobile apps within hours of release across every industry. The post AI-Powered App Attacks Are Faster, More […]

AI-Powered App Attacks Are Faster, More Frequent and Harder to Stop Read More »

Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks

Uncategorized /

Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks 2026-05-20 at 17:48 By Microsoft on Tuesday said it disrupted a malware-signing-as-a-service (MSaaS) operation that weaponized the company’s Artifact Signing system to deliver malicious code and conduct ransomware and other attacks, compromising thousands of machines and networks across the world. The tech giant attributed the activity to

Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks Read More »

Verizon DBIR: Vulnerability exploitation is the dominant initial access vector

AI, CISO, credentials, data breach, Don't miss, Hot stuff, News, phishing, Ransomware, report, social engineering, Verizon, vulnerability disclosure, vulnerability management /

Verizon DBIR: Vulnerability exploitation is the dominant initial access vector 2026-05-20 at 17:16 By Zeljka Zorz Vulnerability exploitation has overtaken stolen credentials as the most common way attackers gain initial access to target networks, according to the 2026 Verizon Data Breach Investigations Report. This is the first time credential theft has been knocked off the

Verizon DBIR: Vulnerability exploitation is the dominant initial access vector Read More »

NanoCo lands $12 million seed funding, launches enterprise assistant built on NanoClaw

Docker, Industry news /

NanoCo lands $12 million seed funding, launches enterprise assistant built on NanoClaw 2026-05-20 at 17:01 By Sinisa Markovic NanoCo announced a $12 million seed round, alongside the commercial launch of a professional assistant built on its open-source agent framework NanoClaw. Valley Capital Partners led the round. Docker, Vercel, monday.com, Slow Ventures, Clutch Capital, Factorial Capital,

NanoCo lands $12 million seed funding, launches enterprise assistant built on NanoClaw Read More »

1Password Teams With OpenAI to Stop AI Coding Agents From Leaking Credentials

1Password, Artificial Intelligence, OpenAI /

1Password Teams With OpenAI to Stop AI Coding Agents From Leaking Credentials 2026-05-20 at 16:45 By Kevin Townsend 1Password says AI coding agents should never hold persistent secrets, introducing a just-in-time credential model for OpenAI Codex designed to keep credentials out of prompts, code repositories, and model context. The post 1Password Teams With OpenAI to Stop AI Coding Agents From Leaking

1Password Teams With OpenAI to Stop AI Coding Agents From Leaking Credentials Read More »

Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API

Uncategorized /

Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API 2026-05-20 at 16:31 By Cybersecurity researchers have flagged fresh activity from a China-aligned threat actor known as Webworm in 2025, deploying custom backdoors that employ Discord and Microsoft Graph API for command-and-control (C2 or C&C) communications. Webworm, first publicly documented by Broadcom-owned Symantec

Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API Read More »

Credential Management in High Turnover Environments

Uncategorized /

Credential Management in High Turnover Environments 2026-05-20 at 16:04 By In this episode of Lock It Down with Security Magazine, Editor-in-Chief Rachelle Blair-Frasier speaks with Frank Rojas, Business Development Manager for Hospitality and Gaming at Traka, and Dre Perkins, VP of US Strategic Key Accounts for Vingcard. This article is an excerpt from Subscribe to

Credential Management in High Turnover Environments Read More »

Anthropic Silently Patches Claude Code Sandbox Bypass

AI, Artificial Intelligence, Claude Code, sandbox, sandbox escape, vulnerability /

Anthropic Silently Patches Claude Code Sandbox Bypass 2026-05-20 at 16:04 By Eduard Kovacs The researcher who found it says the vulnerability could have been chained with a prompt injection to exfiltrate data. The post Anthropic Silently Patches Claude Code Sandbox Bypass appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Anthropic Silently Patches Claude Code Sandbox Bypass Read More »

GitHub Breached — Employee Device Hack Led to Exfiltration of 3,800+ Internal Repos

Uncategorized /

GitHub Breached — Employee Device Hack Led to Exfiltration of 3,800+ Internal Repos 2026-05-20 at 15:00 By GitHub on Tuesday said it’s investigating unauthorized access to its internal repositories after the notorious threat actor known as TeamPCP listed the platform’s source code and internal organizations for sale on a cybercrime forum. “While we currently have

GitHub Breached — Employee Device Hack Led to Exfiltration of 3,800+ Internal Repos Read More »

FBI: $388 million lost in crypto ATM scams in 2026

Cryptocurrency, FBI, fraud, News, scams, USA /

FBI: $388 million lost in crypto ATM scams in 2026 2026-05-20 at 14:30 By Anamarija Pogorelec Americans lost more than $388 million to crypto kiosk scams in 2025, with the FBI warning that criminals are increasingly directing victims to transfer funds through these machines. Cryptocurrency kiosks, popularly known as Bitcoin ATMs, are physical automated teller

FBI: $388 million lost in crypto ATM scams in 2026 Read More »

ArmorCode gives security teams AI workers for exposure and remediation

ArmorCode, Industry news /

ArmorCode gives security teams AI workers for exposure and remediation 2026-05-20 at 14:30 By Industry News ArmorCode has announced Anya Agents, a new agentic AI framework delivered on the patented ArmorCode Agentic AI Platform that enables organizations to operationalize AI-driven security workflows at enterprise scale. Built on ArmorCode’s Context Risk Graph, Anya Agents help security

ArmorCode gives security teams AI workers for exposure and remediation Read More »

Novata uses AI to map risk across portfolios and supply chains

Industry news /

Novata uses AI to map risk across portfolios and supply chains 2026-05-20 at 14:21 By Industry News Novata has announced the launch of Risk Atlas, a new AI-powered risk monitoring tool designed to help organizations identify, compare, and prioritize risks across portfolios and supply chains. Framework for comparative risk visibility Risk Atlas provides a single,

Novata uses AI to map risk across portfolios and supply chains Read More »

Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack

Malware & Threats, Mini Shai-Hulud, supply chain attack, Supply Chain Security, TeamPCP /

Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack 2026-05-20 at 14:21 By Ionut Arghire A compromised maintainer account was used to publish malicious package versions across the @antv namespace. The post Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack appeared first on SecurityWeek. This article is an

Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack Read More »

Caught Off Guard: Securing AI After It Hits Production

AI, Artificial Intelligence /

Caught Off Guard: Securing AI After It Hits Production 2026-05-20 at 14:01 By Joshua Goldfarb As enterprises rush AI projects into production, security teams are increasingly being forced into reactive mode. The post Caught Off Guard: Securing AI After It Hits Production appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

Caught Off Guard: Securing AI After It Hits Production Read More »

Typosquatting Is No Longer a User Problem. It’s a Supply Chain Problem

Uncategorized /

Typosquatting Is No Longer a User Problem. It’s a Supply Chain Problem 2026-05-20 at 14:01 By AI-generated lookalike domains are now embedded inside the third-party scripts running on your web properties. Here’s why your current stack can’t see them, and what detection actually requires. Download the CISO Expert Guide to Typosquatting in the AI Era

Typosquatting Is No Longer a User Problem. It’s a Supply Chain Problem Read More »

TeamPCP breached GitHub’s internal codebase via poisoned VS Code extension

cybercriminals, data theft, Don't miss, GitHub, Hot stuff, News, open source, supply chain compromise /

TeamPCP breached GitHub’s internal codebase via poisoned VS Code extension 2026-05-20 at 13:47 By Zeljka Zorz Following TeamPCP’s claim that they’ve breached GitHub’s own private code repositories, the Microsoft-owned company launched an investigation and confirmed the compromise. “Our current assessment is that the activity involved exfiltration of GitHub-internal repositories only. The attacker’s current claims of

TeamPCP breached GitHub’s internal codebase via poisoned VS Code extension Read More »

Trust3 AI focuses on AI agent risks with MCP Security layer

Industry news /

Trust3 AI focuses on AI agent risks with MCP Security layer 2026-05-20 at 13:47 By Industry News Trust3 AI has announced the launch of Model Context Protocol (MCP) Security, establishing a new standard for safeguarding enterprise agentic AI workloads. This solution forms a key capability within Trust3 AI’s enterprise agent control plane, empowering security and

Trust3 AI focuses on AI agent risks with MCP Security layer Read More »

Scroll to Top