Security Boulevard

SmartApeSG Launches Okendo Reviews Supply Chain Attack

IntroductionOn May 14, 2026, the Zscaler ThreatLabz team identified unusually high activity associated with the threat actor SmartApeSG to deploy malware. During our examination, we discovered ...

Over 1 million WordPress sites at risk after popular plugins hacked

Three popular plugins served malicious JavaScript through a compromised CDN.
Tom's Hardware on MSN

Hades malware campaign now tricks AI bots by injecting text about biological and nuclear ...

This is probably the dictionary illustration for "deceptively simple." ...

WebMCP Can Be Used To Hijack AI Agents, Chrome Warns

Chrome's WebMCP guidance warns that AI agents can be manipulated through the tools they are built to trust.
Infosecurity Magazine

New “Agentjacking” Attacks Could Hijack AI Coding Agents

Tenet Security researchers reveal how new “agentjacking” attacks could trick coding agents into executing arbitrary code ...
The Hacker News

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel ...
The Hacker News

ThreatsDay Bulletin: AI Agents Gone Wrong, Sketchy C2 Tools, ClickFix Tricks, JS Backdoors ...

Weekly ThreatsDay recap: old bugs, fake tools, shady payload tricks, AI mishaps, and the usual reminder that the internet is still held together with ...