The Hacker News

UNC4899 Breached Crypto Firm After Developer AirDropped Trojanized File to Work Device

UNC4899 breached a crypto firm via AirDrop malware and cloud exploitation in 2025, stealing millions through Kubernetes and Cloud SQL abuse.
CSO Online

Devs looking for OpenClaw get served a GhostClaw RAT

GhostClaw poses as an OpenClaw installer package, stealing system credentials and sensitive data before deploying a persistent RAT.
Security Boulevard

Zero Trust Architecture for Decentralized MCP Tool Discovery

So, everyone is talking about ai agents lately, but nobody’s really mentioning that we’re basically handing these bots the keys to the kingdom without checking the locks. It's kinda wild—we’re letting ...