
19 matches found

Cvelist
added 3 days ago, 29 views

CVE-2026-10174 Aider-AI Aider Pre-commit Hook args.py protection mechanism

A vulnerability was identified in Aider-AI Aider 0.86.3. Affected is an unknown function of the file aider/args.py of the component Pre-commit Hook Handler. Such manipulation of the argument git-commit-verify leads to protection mechanism failure. The attack may be launched remotely. The exploit ...

CVSS 6.5, EPSS 0.00061
Exploits: 0, References: 6
OSV
added 2026/05/14 4:53 p.m., 1 view

MAL-2026-3744 Malicious code in node-ipc (npm)

Three versions of node-ipc 9.1.6, 9.2.3, 12.0.1 were published to npm on May 14, 2026 by a compromised maintainer account atiertant. Each version contains an identical 80KB obfuscated payload appended to node-ipc.cjs that steals over 100 categories of sensitive files SSH keys, cloud provider...

AI score 5.8
Exploits: 0, References: 6
OSSF Malicious Packages
added 2026/05/14 4:53 p.m., 4 views

Malicious code in node-ipc (npm)

Three versions of node-ipc 9.1.6, 9.2.3, 12.0.1 were published to npm on May 14, 2026 by a compromised maintainer account atiertant. Each version contains an identical 80KB obfuscated payload appended to node-ipc.cjs that steals over 100 categories of sensitive files SSH keys, cloud provider...

AI score 5.8
Exploits: 0, References: 6
Malwarebytes
added 2026/04/27 7:2 a.m., 4 views

A week in security (April 20 – April 26)

Last week on Malwarebytes Labs: Medical data of 500,000 UK volunteers listed for sale on Alibaba How cyberattacks on companies affect everyone Apple fixes iOS bug that kept deleted notifications, including chat previews Roblox clamps down on chats and age checks as legal pressure builds Malicious...

AI score 5.4
Exploits: 0
The Hacker News
added 2026/04/20 1:41 p.m., 10 views

⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More

Monday’s recap shows the same pattern in different places. A third-party tool becomes a way in, then leads to internal access. A trusted download path is briefly swapped to deliver malware. Browser extensions act normally while pulling data and running code. Even update channels are used to push...

CVSS 10, AI score 8, EPSS 0.72152
Exploits: 60
CVE
added 2026/04/08 8:30 a.m., 4 views

CVE-2026-39697

CVE-2026-39697 affects the WordPress plugin MAIO – The new AI GEO / SEO tool by HBSS Technologies, version range n/a through 6.2.8. The root cause is missing/incorrectly configured access control (broken access control) allowing unauthorized access due to insufficient authorization checks. Public...

CVSS 5.3, AI score 5.1, EPSS 0.0004
Exploits: 0, References: 1
The Hacker News
added 2026/03/16 11:41 a.m., 1 view

ClickFix Campaigns Spread MacSync macOS Infostealer via Fake AI Tool Installers

Three different ClickFix campaigns have been found to act as a delivery vector for the deployment of a macOS information stealer called MacSync. "Unlike traditional exploit-based attacks, this method relies entirely on user interaction – usually in the form of copying and executing commands –...

AI score 6.3
Exploits: 0
Spring Engineering
added 2025/12/23 12:0 a.m., 7 views

This Week in Spring – December 23rd, 2025

Happy holidays, everyone! The year may be winding down, but the Spring ecosystem continues unabated. We’re now a few weeks past the generational Spring Boot 4.0 release in November, and there have been tons of releases and patches since then. There’s also equal excitement reflected in posts from...

AI score 6.8
Exploits: 0
CNVD
added 2025/11/24 12:0 a.m., 2 views

IBM Concert Information Disclosure Vulnerability (CNVD-2026-07114)

IBM Concert is a generative artificial intelligence-driven automated application management and monitoring tool based on the watsonx platform, announced by IBM in May 2024 at the IBMThink conference in Boston, USA. IBM Concert suffers from an information disclosure vulnerability that stems from t...

CVSS 7.5, AI score 5.9, EPSS 0.00033
Exploits: 0, References: 1
The Hacker News
added 2025/11/20 4:6 a.m., 13 views

TamperedChef Malware Spreads via Fake Software Installers in Ongoing Global Campaign

Threat actors are leveraging bogus installers masquerading as popular software to trick users into installing malware as part of a global malvertising campaign dubbed TamperedChef. The end goal of the attacks is to establish persistence and deliver JavaScript malware that facilitates remote acces...

AI score 6.6
Exploits: 0
Malwarebytes
added 2025/09/17 1:45 p.m., 4 views

224 malicious apps removed from the Google Play Store after ad fraud campaign discovered

Researchers have discovered a large ad fraud campaign on Google Play Store. The Satori Threat Intelligence and Research team found 224 malicious apps which were downloaded over 38 million times and generated up to 2.3 billion ad requests per day. They named the campaign "SlopAds." Ad fraud is a...

AI score 6.7
Exploits: 0
NVD
added 2025/07/11 6:15 p.m., 2 views

CVE-2025-53641

Postiz is an AI social media scheduling tool. From 1.45.1 to 1.62.3, the Postiz frontend application allows an attacker to inject arbitrary HTTP headers into the middleware pipeline. This flaw enables a server-side request forgery SSRF condition, which can be exploited to initiate unauthorized...

CVSS 8.2, EPSS 0.00257
Exploits: 0, References: 2
The Hacker News
added 2025/07/02 5:48 a.m., 10 views

Vercel's v0 AI Tool Weaponized by Cybercriminals to Rapidly Create Fake Login Pages at Scale

Unknown threat actors have been observed weaponizing v0, a generative artificial intelligence AI tool from Vercel, to design fake sign-in pages that impersonate their legitimate counterparts. "This observation signals a new evolution in the weaponization of Generative AI by threat actors who have...

AI score 6.9
Exploits: 0
The Hacker News
added 2025/05/29 3:47 p.m., 19 views

Cybercriminals Target AI Users with Malware-Loaded Installers Posing as Popular Tools

Fake installers for popular artificial intelligence AI tools like OpenAI ChatGPT and InVideo AI are being used as lures to propagate various threats, such as the CyberLock and LuckyGh0$t ransomware families, and a new malware dubbed Numero. "CyberLock ransomware, developed using PowerShell,...

AI score 7.5
Exploits: 0
Schneier on Security
added 2025/03/04 12:8 p.m., 5 views

Trojaned AI Tool Leads to Disney Hack

This is a sad story of someone who downloaded a Trojaned AI tool that resulted in hackers taking over his computer and, ultimately, costing him his job...

AI score 7.3
Exploits: 0
Wired Threat Level
added 2024/12/14 11:30 a.m., 12 views

Microsoft’s AI Recall Tool Is Still Sucking Up Credit Card and Social Security Numbers

Plus: The US indicts North Koreans in fake IT worker scheme, file-sharing firm Cleo warns customers to patch a vulnerability amid live attacks, and more...

AI score 7.2
Exploits: 0
Wired Threat Level
added 2024/05/25 10:30 a.m., 15 views

Microsoft’s New Recall AI Tool May Be a ‘Privacy Nightmare’

Plus: US surveillance reportedly targets pro-Palestinian protesters, the FBI arrests a man for AI-generated CSAM, and stalkerware targets hotel computers...

AI score 7.4
Exploits: 0
Wired Threat Level
added 2020/10/21 1:0 p.m., 28 views

A Deepfake Porn Bot Is Being Used to Abuse Thousands of Women

An AI tool that “removes” items of clothing from photos has targeted more than 100,000 women, some of whom appear to be under the age of 18...

AI score 1.8
Exploits: 0
Wired Threat Level
added 2020/08/09 1:0 p.m., 18 views

A British AI Tool to Predict Violent Crime Is Too Flawed to Use

A government-funded system known as Most Serious Violence was built to predict first offenses but turned out to be wildly inaccurate...

AI score 3.6
Exploits: 0