Researchers uncover wormable XMRig campaign using BYOVD exploit and LLM-built React2Shell attacks hitting 90+ hosts.
Cybersecurity researchers have disclosed what they say is an active “Shai-Hulud-like” supply chain worm campaign that has leveraged a cluster of at least 19 malicious npm packages to enable credential harvesting and cryptocurrency key theft.
The campaign has been codenamed SANDWORM_MODE by supply chain security company Socket. As with prior Shai-Hulud attack waves, the malicious code embedded into the packages comes with capabilities to siphon system information, access tokens, environment secrets, and API keys from developer environments and automatically propagate by abusing stolen npm and GitHub identities to extend its reach.
“The sample retains Shai-Hulud hallmarks and adds GitHub API exfiltration with DNS fallback, hook-based persistence, SSH propagation fallback, MCP server injection with embedded prompt injection targeting AI coding assistants, and LLM API Key harvesting,” the company said.
With Fortinet appliances becoming an attractive target for threat actors, it’s essential that organizations ensure management interfaces are not exposed to the internet, change default and common credentials, rotate SSL-VPN user credentials, implement multi-factor authentication for administrative and VPN access, and audit for unauthorized administrative accounts or connections.
It’s also recommended to isolate backup servers from general network access, ensure all software is up to date, and monitor for unintended network exposure.
“As we expect this trend to continue in 2026, organizations should anticipate that AI-augmented threat activity will continue to grow in volume from both skilled and unskilled adversaries,” Moses said. “Strong defensive fundamentals remain the most effective countermeasure: patch management for perimeter devices, credential hygiene, network segmentation, and robust detection for post-exploitation indicators.”
Several mental health mobile apps with millions of downloads on Google Play contain security vulnerabilities that could expose users’ sensitive medical information.
In one of the apps, security researchers discovered more than 85 medium- and high-severity vulnerabilities that could be exploited to compromise users’ therapy data and privacy.
Some of the products are AI companions designed to help people suffering from clinical depression, multiple forms of anxiety, panic attacks, stress, and bipolar disorder.
The AI Doc: Or How I Became an Apocaloptimist (2026) is the new documentary by Daniel Roher & Charlie Tyrell.
Trailer courtesy of Universal Pictures.
Experimental models such as heterochronic parabiosis and heterochronic plasma transfer have profoundly advanced our understanding of systemic aging, demonstrating that circulating factors can influence brain, vascular, and immune aging through cell nonautonomous mechanisms. These preclinical models have revealed that both pro-geronic and anti-geronic signals in blood can modulate neuroinflammation, neurovascular health, and cognitive resilience. However, despite their experimental promise, the clinical translation of these findings, particularly through plasma-based interventions in humans, remains fraught with uncertainty.
Apple CEO Tim Cook is signaling that Visual Intelligence will be the defining feature of the company’s push into wearable AI devices. Also: What to expect from Apple’s first product launches of the year during the week of March 2; the iPhone 18 Pro’s color options; and the latest on iOS 26.4.
Last week in Power On: Tesla CarPlay support was held back by the need for wider adoption of iOS 26.