• $20 per zero-day is already the WordPress plugin reality
• Deleted Google API keys keep working for up to 23 minutes, researchers warn
• Fake Gemini and Claude Code Sites Spread Infostealers Through SEO Poisoning
• Suspected KimWolf botnet admin arrested over DDoS-for-hire operation
• Apple Blocked $2.2bn in App Store Fraud in the Last Year
• Proton Pass adds monitored credential sharing for AI agents
• CISA’s new KEV nomination form opens reporting to vendors and researchers
• Microsoft 365 users targeted by new phishing threat that bypasses MFA
• Cybercriminal VPN Dismantled in Europol Crackdown
• GitHub Breach Traced to Malicious 'Nx Console' VS Code Extension
• Three-Quarters of Firms Knowingly Ship Vulnerable Code
• Nine-Year-Old Linux Kernel Flaw Leaks SSH Keys and Password Hashes
• Grafana Labs Says Code Breach Stemmed from TanStack Attack
• Android Malware Campaign Used Hundreds of Fake Apps to Silently Charge Users
• Mini Shai-Hulud Hits Hundreds of npm Packages in AntV Ecosystem
• China-Linked Webworm APT Evolves Tactics, Expands to European Targets
• GitHub Confirms Breach of Internal Repositories Via Malicious VS Code Extension
• Researchers Warn CypherLoc Scareware Has Targeted Millions of Users
• Verizon DBIR: Vulnerability Exploits Overtake Credentials as Top Access Vector
• Microsoft Takes Down Fox Tempest for Providing Ransomware-Enabling Signing Tool
• AI Raises the Bar on Vulnerability Awareness and Secure-by-Design Software

Vulnerability researchers have spent the past year arguing about whether AI agents can find real bugs at scale or whether they mostly generate noise. A pipeline built in three days by researchers from TrendAI and CHT Security supplies an answer, along with a price tag that the security industry will have to reckon with. The system, presented at Ekoparty Miami, pairs AI-driven static analysis with automated Docker provisioning and dynamic verification through Chrome DevTools MCP. …