67 matches found
Technical Report: Exploring the Emerging Threats of the Agent Skill Ecosystem
We analyzed 3,984 AI agent skills from major marketplaces and found 76 confirmed malicious payloads, including credential theft, backdoor installation, and data exfiltration. 13.4% of all skills contain at least one critical-level security issue and at least 8 manually confirmed malicious skills...
The March Madness scam playbook
March Madness is the annual men's and women's NCAA Division I basketball tournament, where 68 teams play in a single-elimination bracket for the US national championship. But March Madness doesn’t just bring buzzer beaters and busted brackets. It also kicks off a short, intense season for scammer...
Execution Is the New Attack Surface: Survivability-Aware Agentic Crypto Trading with OpenClaw-Style Local Executors
OpenClaw-style agent stacks turn language into privileged execution: LLM intents flow through tool interception, policy gates, and a local executor. In parallel, skill marketplaces such as skills.sh make capability acquisition as easy as installing skills and CLIs, creating a growing capability...
New ZeroDayRAT Mobile Spyware Enables Real-Time Surveillance and Data Theft
Cybersecurity researchers have disclosed details of a new mobile spyware platform dubbed ZeroDayRAT that's being advertised on Telegram as a way to grab sensitive data and facilitate real-time surveillance on Android and iOS devices. "The developer runs dedicated channels for sales, customer...
Examining the Security Posture of an Anti-Crime Ecosystem
Whitepaper called Examining the security posture of an Anti-Crime Ecosystem. The prevalence of anti-crime technology has seen a steep incline in the past few years. Since the introduction of cell phones, the expectation of privacy has gone steeply down. With that in mind, independent security...
10 Successful Marketplaces Built on Sharetribe: Lessons Learned
The marketplace revolution is here, and it's transforming how we buy, sell, and share everything from vintage furniture…...
EUVD-2024-25045
Malicious code in bioql PyPI...
Buy It Now, Track Me Later: Attacking User Privacy Via Wi-Fi AP Online Auctions
Static and hard-coded layer-two network identifiers are well known to present security vulnerabilities and endanger user privacy. In this work, we introduce a new privacy attack against Wi-Fi access points listed on secondhand marketplaces. Specifically, we demonstrate the ability to remotely...
Are Crypto Ecosystems (De)Centralizing? A Framework for Longitudinal Analysis
Blockchain technology relies on decentralization to resist faults and attacks while operating without trusted intermediaries. Although industry experts have touted decentralization as central to their promise and disruptive potential, it is still unclear whether the crypto ecosystems built around...
Authorities Seize Domains of Popular Hacking Forums in Major Cybercrime Crackdown
An international law enforcement operation has dismantled the domains associated with various online platforms linked to cybercrime such as Cracked, Nulled, Sellix, and StarkRDP. The effort, which took place between January 28 and 30, 2025, targeted the following domains - www.cracked.io...
Operation Talent: FBI Seizes Nulled.to, Cracked.to, Sellix.io and more
The FBI has seized Nulled.to, Cracked.to, Sellix.io, and StarkRDP.io in Operation Talent, targeting cybercrime forums and illicit marketplaces.…...
CVE-2025-21380 Azure Marketplace SaaS Resources Information Disclosure Vulnerability
...
Authorities Seize Dark Web Marketplaces Sipulitie and Tsätti
Finnish Customs and Swedish Police, with Bitdefender's support, shut down dark web marketplaces Sipulitie and Tsätti. These platforms…...
CVE-2024-27852
A privacy issue was addressed with improved client ID handling for alternative app marketplaces. This issue is fixed in iOS 17.5 and iPadOS 17.5. A maliciously crafted webpage may be able to distribute a script that tracks users on other webpages...
CVE-2024-27852
A privacy issue was addressed with improved client ID handling for alternative app marketplaces. This issue is fixed in iOS 17.5 and iPadOS 17.5. A maliciously crafted webpage may be able to distribute a script that tracks users on other webpages...
CVE-2024-27852
CVE-2024-27852 is a privacy issue in Apple’s MarketplaceKit component affecting iOS/iPadOS prior to 17.5. The root cause is improper client ID handling for alternate app marketplaces, enabling a malicious webpage to cause a script to track users across sites. Official advisories state the issue i...
CVE-2024-27852
A privacy issue was addressed with improved client ID handling for alternative app marketplaces. This issue is fixed in iOS 17.5 and iPadOS 17.5. A maliciously crafted webpage may be able to distribute a script that tracks users on other webpages...
CVE-2024-27852
A privacy issue was addressed with improved client ID handling for alternative app marketplaces. This issue is fixed in iOS 17.5 and iPadOS 17.5. A maliciously crafted webpage may be able to distribute a script that tracks users on other webpages...
The mobile malware threat landscape in 2023
The figures above are based on detection statistics received from Kaspersky users who consented to sharing usage data with Kaspersky Security Network. The data for years preceding 2023 may differ from that published previously, as the calculation methodology was refined, and the data was...
Cybersecurity considerations to have when shopping for holiday gifts
As I wrote about last week, there are holiday shopping-related scams already popping up all over the place. But another aspect of security that many shoppers dont consider this time of year is the security of the products theyre buying, even through a legitimate online marketplace. This is a...