Hidden Spy for 1.6 Million Users: Popular Browser Extension ModHeader Secretly Collected Browsing History
🇷🇺 securitylab_nJuly 14, 2026

Hidden Spy for 1.6 Million Users: Popular Browser Extension ModHeader Secretly Collected Browsing History

Google and Microsoft have removed the popular ModHeader browser extension from the Chrome Web Store and Microsoft Edge Add-ons after security researchers discovered a hidden mechanism designed to secretly collect users' browsing history. The extension, which had approximately 1.6 million installations, allowed developers to modify HTTP headers for testing and debugging purposes but contained a dormant data-collection module in its legitimate codebase. British firm Stripe OLT confirmed that the suspicious code was part of the genuine signed build rather than a fake version. Although the history-stealing functionality remained inactive due to an empty internal browser list, the extension still transmitted telemetry data and could have been activated remotely via a simple update. Experts recommend immediate removal of the extension, replacement of any credentials entered through it, and blocking of the domains stanfordstudies[.]com and extensions-hub[.]com.

Translated from Russian

Read full article

Latest News

Bankrupt After Just Six Weeks of Production Shutdown: How a Cyber Attack Killed a 37-Year-Old German Textile Manufacturer and Exposed the Cruel Reality of Modern Cyber Threats
🇨🇳安全客Jul 14

Bankrupt After Just Six Weeks of Production Shutdown: How a Cyber Attack Killed a 37-Year-Old German Textile Manufacturer and Exposed the Cruel Reality of Modern Cyber Threats

A 37-year-old German textile processing company, ZEGO Textilveredelungszentrum, has filed for insolvency after a cyber attack halted its production lines for nearly six weeks, demonstrating that business interruption alone can destroy even well-established manufacturing firms without any data theft or ransom demands. The firm, based in Bavaria and serving automotive, workwear, and technical textiles industries, suffered the attack on March 29, 2026, leading to irrecoverable financial losses despite eventual system recovery. Managing Director Johannes Zenglein described the decision as one of the most difficult in the company's history, noting that the prolonged downtime caused severe cash flow disruption, lost orders, and customer attrition. The incident highlights a growing trend where cyber attacks on industrial systems lead directly to bankruptcy, as seen in prior cases like the 158-year-old British transport company Knights of Old and a German mobile phone repair firm. Key lessons include the critical need for robust business continuity plans, quantified downtime cost assessments, and supply chain resilience evaluations beyond traditional security measures. Unlike typical ransomware events, this attack required no encryption or extortion to achieve devastating results, underscoring that operational resilience is now a matter of corporate survival.

Translated from Chinese

t.me Domain Restored in DNS After Sudden Outage, But Full Recovery for Telegram Links May Take Up to 24 Hours
🇷🇺AntiMalwareJul 14

t.me Domain Restored in DNS After Sudden Outage, But Full Recovery for Telegram Links May Take Up to 24 Hours

The short domain t.me has been restored to active DNS status after the .me registry removed the restrictive serverHold flag that had taken it offline worldwide. DNS records have been reinstated, allowing t.me links to function again in browsers, although propagation delays caused by caching at ISPs and recursive resolvers mean not all users will see the change immediately. The outage occurred when the registry-level serverHold status was applied, preventing resolution of the domain despite Telegram continuing to operate normally. As a precaution, Telegram began automatically substituting t.me links with telegram.me inside its mobile and desktop applications. Old t.me addresses continued to work when opened directly within the messenger, but external browsers were unable to reach them. The exact cause of the serverHold status remains unknown, with possibilities including a technical error, legal request, or deliberate action by the registry operator. The domain is now formally active again, and full global visibility depends on DNS cache expiration across networks.

Translated from Russian

Generative AI Can Clone and Modify Android Apps for as Little as 88 Kopecks, Positive Technologies Warns
🇷🇺AntiMalwareJul 14

Generative AI Can Clone and Modify Android Apps for as Little as 88 Kopecks, Positive Technologies Warns

Positive Technologies researchers have demonstrated that generative AI models can successfully modify, reassemble, and preserve the functionality of Android applications in just minutes at extremely low cost. In experiments involving 90 diverse commercial apps, closed-source AI models achieved an 84% success rate while open-weight models reached 61%, requiring an average of 14 iterations and between 5.5 and 9 minutes per attempt. The cost of each successful modification ranged from 0.88 to 40.89 rubles, meaning an attacker could attempt to clone around 100 popular applications for only a few thousand rubles. Although the researchers inserted only neutral changes rather than malicious code, the same technique could be used to embed data interception, alter app behavior, or add connections to external command servers. The resulting fake APKs can then be distributed through third-party stores, websites, messengers, and online communities, primarily threatening users who sideload applications outside official marketplaces. The study shows that AI does not create entirely new attack vectors but dramatically lowers the technical barrier that previously required advanced reverse-engineering skills.

Translated from Russian

Drawn-on-Skin Conductive Ink Electrodes Replace Traditional Sensors: Washable, Customizable Designs Enable Long-Term ECG, EMG, and EEG Monitoring
🇷🇺securitylab_nJul 14

Drawn-on-Skin Conductive Ink Electrodes Replace Traditional Sensors: Washable, Customizable Designs Enable Long-Term ECG, EMG, and EEG Monitoring

Engineers have developed a water-based conductive ink that can be painted directly onto the skin using a brush to form flexible, washable electrodes in any shape or color, including decorative designs like animals or patterns. The ink dries within about ten minutes into a thin, stretchable conductive layer that conforms to skin microrelief, maintains stable electrical contact during movement and sweating, and can be easily removed with water. This approach solves common problems with rigid metal electrodes and hydrogels, such as poor adhesion, air gaps, and signal distortion during physical activity. The system pairs disposable painted electrodes with a reusable electronic module connected via porous silver fabric, enabling Bluetooth transmission of biosignals for up to 12 hours of continuous monitoring. Tests demonstrated reliable electrocardiogram recording during daily activities and exercise, electromyography for controlling robotic prosthetics, and potential uses in pediatrics, neurointerfaces, and even plant monitoring. The innovation, detailed in Proceedings of the National Academy of Sciences with a preliminary patent filed, promises more comfortable and precise long-term biosignal tracking without complex fabrication.

Translated from Russian

Kremlin Spokesperson Peskov Labels EU Sanctions Against MAX Messenger as Manifestation of Repressive Policy
🇷🇺AntiMalwareJul 14

Kremlin Spokesperson Peskov Labels EU Sanctions Against MAX Messenger as Manifestation of Repressive Policy

Dmitry Peskov, the press secretary to the Russian president, has strongly condemned the European Union's decision to impose sanctions on the Russian messenger MAX, describing the move as absolutely absurd and a clear demonstration of the repressive character of European sanctions policy. The EU added the parent company VK and its subsidiary LLC Communication Platform, the developer and operator of MAX, to its sanctions list due to their connection with Russia's national messenger. This action follows the removal of the VK and MAX applications from the Apple App Store in June, although already installed versions continue to function without the ability to receive updates through the store. VK has stated that the sanctions have not impacted the messenger's operations and that MAX along with other services remain fully available to users in normal mode. The situation raises questions about whether further barriers will emerge around MAX beyond the current sanctions listings and App Store restrictions, with political rhetoric currently outweighing any significant technical consequences.

Translated from Russian

ChatGPT Returns to WhatsApp After EU Forces Meta to Reopen Business API to Rival AI Bots
🇷🇺AntiMalwareJul 14

ChatGPT Returns to WhatsApp After EU Forces Meta to Reopen Business API to Rival AI Bots

Home users of generative AI services have begun seeing <b>ChatGPT</b> working again inside <b>WhatsApp</b>, owned by <b>Meta</b> (recognized as extremist and banned in Russia). The partial restoration follows an EU antitrust investigation that accused Meta of abusing its dominant position to favor its own AI assistant. <b>OpenAI</b> originally launched the integration in 2024, allowing users to message the chatbot like any regular contact without extra apps. In 2025 Meta updated its <b>Business API</b> rules, effectively blocking third-party universal chatbots and pushing competitors out. After the European Commission intervened, Meta was required to reopen access, and <b>ChatGPT</b> is now gradually reappearing for some users. The rollout remains uneven, with some contacts responding normally while others stay silent, and no paid subscription is required. Neither Meta nor OpenAI has officially linked the return to the EU decision.

Translated from Russian

Five Minutes and 88 Kopecks: AI Neural Networks Can Now Disassemble, Modify and Reassemble Android Apps at Minimal Cost
🇷🇺securitylab_nJul 14

Five Minutes and 88 Kopecks: AI Neural Networks Can Now Disassemble, Modify and Reassemble Android Apps at Minimal Cost

Researchers at Positive Technologies have shown that modern large language models can now disassemble Android APK files, introduce changes, reassemble the applications, and preserve their functionality in as little as five minutes for a cost of only 88 kopecks. In a controlled laboratory experiment involving 90 diverse Android applications, closed commercial models succeeded in 84 percent of attempts while open-weight models achieved a 61 percent success rate, requiring an average of 14 interaction steps per application. The entire process took between 5 minutes 38 seconds and 9 minutes 9 seconds depending on the chosen model, with costs ranging from 88 kopecks to 40 rubles 89 kopecks per successful modification. Although the researchers performed only neutral code changes without introducing malware or accessing real user data, the same automated workflow could be exploited by attackers to intercept sensitive information, alter app behavior, or connect to malicious services. Modified APK files can then be distributed through unofficial stores, websites, messengers, and third-party repositories, often advertised as enhanced versions without restrictions. The study highlights that while large language models have not invented new attack techniques, they have dramatically reduced the cost, time, and technical skill required for reverse engineering and repackaging Android applications.

Translated from Russian

Six Weeks of Inactivity and 37 Years of History Lost: Cyberattack Forces German Textile Firm ZEGO into Bankruptcy
🇷🇺securitylab_nJul 14

Six Weeks of Inactivity and 37 Years of History Lost: Cyberattack Forces German Textile Firm ZEGO into Bankruptcy

A prolonged cyberattack that halted operations for nearly six weeks has driven the Bavarian textile company ZEGO Textilveredelungszentrum into insolvency proceedings, ending 37 years of business activity. The firm, which specialized in fabric finishing and processing for the automotive sector, workwear producers, and technical textiles, was unable to recover from the severe financial strain caused by the production standstill that began after the incident on 29 March 2026. Managing Director Johannes Zenglein described the decision to seek creditor protection as one of the most difficult in the company’s history, noting that the financial burden had become insurmountable. Although the company has not disclosed whether ransomware was involved or whether attackers accessed customer or employee data, it confirmed that the operational shutdown alone pushed the business to the brink of collapse. ZEGO now hopes to continue limited production while insolvency administrators explore restructuring options to preserve jobs and relationships with clients and suppliers. The case echoes other high-profile incidents, such as the bankruptcy of British logistics company KNP Logistics after 158 years of operation following a ransomware attack that encrypted its systems.

Translated from Russian

RZD Trunk Quantum Network Obtains FSTEC Attestation and Enters External Commercial Market
🇷🇺AntiMalwareJul 14

RZD Trunk Quantum Network Obtains FSTEC Attestation and Enters External Commercial Market

Russia’s state-owned railway operator RZD has successfully passed certification by the Federal Service for Technical and Export Control (FSTEC), confirming that its trunk quantum network meets the requirements for information systems of the second protection class. The attestation enables RZD to begin offering quantum-secured communication services to external organizations, including banks, industrial enterprises, medical institutions, and transport companies. Quantum key distribution technology allows any interception attempt to be detected because interference with the quantum channel alters the state of transmitted particles, providing a level of security far beyond conventional encryption methods. The network is already being tested by the Bank of Russia, the Federal Treasury, the Financial University, and several major banks, with potential clients also identified in the oil-and-gas, industrial, healthcare, and transportation sectors. The Ministry of Digital Development considers the technology sufficiently mature and has included further expansion of the quantum network through 2030 in the national “Data Economy” project roadmap. As a result, RZD is gradually transforming from a traditional carrier of passengers and cargo into an operator of protected digital highways.

Translated from Russian

🇷🇺

From Russian sources

Translated from Russian

View all (50) →
Phishers Launch Dark Web Platform to Spoof Real Corporate Email Addresses from Major Companies
🇷🇺AntiMalwareJul 14

Phishers Launch Dark Web Platform to Spoof Real Corporate Email Addresses from Major Companies

A new phishing platform has emerged on the dark web that enables attackers to send mass emails appearing to originate from legitimate corporate addresses of well-known organizations. The tool relies on advanced email spoofing techniques, making the sender’s domain and company name look authentic to recipients. According to research from BI.ZONE Threat Intelligence reported by Izvestia, the service is actively advertised on underground forums as a ready-to-use solution for large-scale campaigns. It also automatically scrapes official websites to replicate logos, branding, and email styling, significantly increasing the credibility of the fraudulent messages. Victims may receive messages disguised as invoices, security alerts, contractor proposals, or urgent data confirmation requests. Traditional advice to verify the sender address is now insufficient, as the displayed domain genuinely belongs to the targeted company. Security experts warn that users must now scrutinize links, unexpected requests, and any demands to download files or provide credentials.

Argentina Football Association Admits Hack After Victory Over Egypt: Fake Email Questions Referee Integrity in World Cup Match
🇷🇺securitylab_nJul 14

Argentina Football Association Admits Hack After Victory Over Egypt: Fake Email Questions Referee Integrity in World Cup Match

Following Argentina's 1/8 finals victory over Egypt at the FIFA World Cup, the Argentine Football Association (AFA) suffered a significant cyber intrusion that allowed hackers to send a forged email from an official AFA Medios account to accredited journalists. The message accused French referee Francois Letexier of biased officiating in favor of Argentina, lavishly praised the Egyptian team's performance, and included threatening language tied to the Middle East conflict. AFA quickly denied authorizing the message and confirmed unauthorized access to internal systems, including parts of its database containing emails, passwords, and IP addresses that may now be sold on dark web forums. The fabricated claims closely mirrored public criticisms voiced by Egyptian coach Hossam Hassan and player Mostafa Zico after their elimination. AFA has launched a full investigation to assess the breach's scope and improve security, while advising affected users to change passwords immediately. Argentina, meanwhile, continues preparations for its quarterfinal clash against Switzerland.

RedHook Android Trojan Automatically Enables Wireless ADB Debugging to Hijack Devices Without Root or User Interaction
🇷🇺securitylab_nJul 14

RedHook Android Trojan Automatically Enables Wireless ADB Debugging to Hijack Devices Without Root or User Interaction

The RedHook trojan, first identified in July 2025, has gained a novel capability that allows it to independently activate wireless ADB debugging on infected Android devices, granting system-shell privileges without requiring root access or any victim interaction. Infection begins through social engineering calls or messages impersonating bank or government officials, tricking users into installing malicious APKs hosted on legitimate platforms such as GitHub repositories and Amazon S3 storage. Once installed, the malware obtains accessibility service permissions and then silently navigates device settings, taps the build number seven times to unlock developer options, and enables wireless debugging. Leveraging code derived from the popular Shizuku tool, RedHook launches its own ADB client to connect directly to the local debugging server, bypassing the need for a computer. With elevated privileges, the trojan can install or uninstall applications, modify protected settings, grant itself permissions, and exfiltrate data and screen recordings over encrypted channels while employing multiple persistence techniques including mutual process resurrection and post-reboot restoration. Attacks have so far been concentrated in Southeast Asia, particularly Vietnam and Indonesia. Security experts recommend installing apps only from official stores and exercising caution with accessibility permission requests.

Google Enhances Android Backup Controls in Play Services Update, Adds Document Sync to Google Drive Amid Storage Limit Cut
🇷🇺AntiMalwareJul 14

Google Enhances Android Backup Controls in Play Services Update, Adds Document Sync to Google Drive Amid Storage Limit Cut

Google is updating its Android backup system through Google Play Services version 26.25, introducing separate toggles for messaging backups and the ability to automatically save documents to the cloud. Users can now disable SMS, MMS, and RCS backups independently, though RCS remains nested under the MMS category for less visibility. The new document backup feature supports formats including DOC, PPT, XLS, and PDF, storing copies in a device-named folder on Google Drive without automatic synchronization to the original files. These changes coincide with Google's reduction of free storage from 15 GB to 5 GB, where Android backups now count against the quota, potentially turning small 40 MB backups into much larger archives. The update provides more granular control over what gets backed up, including call history and system settings, accessible via Settings > Accounts and backup > Google Backup > Other device data. While the feature can help preserve important files, it risks quickly exhausting limited free storage if documents are included.

Telegram Loses Global Short Links as t.me Domain Disabled Worldwide by .me Registry
🇷🇺AntiMalwareJul 14

Telegram Loses Global Short Links as t.me Domain Disabled Worldwide by .me Registry

On July 13, users worldwide discovered that Telegram’s short links in the t.me format stopped opening in web browsers, although the messenger itself continued to function normally. The issue was first reported by the Russian publication Kode Durova and affects only external browser access, while links remain fully operational inside the Telegram desktop client and mobile applications. According to preliminary findings, the domain was effectively removed from the DNS system at the registry level of the .me top-level domain, which belongs to Montenegro and is operated by the company doMEn. The exact reason for the deactivation remains unknown, with possible explanations including a legal dispute, routine verification, government requests, or a violation of the domain zone’s rules. Notably, the t.me domain is registered to Telegram until 2035, ruling out simple expiration or administrative oversight. As a result, users are currently advised to open t.me links directly through the Telegram app while waiting for the domain to be restored in the global DNS.

The Formula Remains the Same, but the Mathematics Changes: Physicists Show Quantum World Can Be Described Without Imaginary Numbers
🇷🇺securitylab_nJul 14

The Formula Remains the Same, but the Mathematics Changes: Physicists Show Quantum World Can Be Described Without Imaginary Numbers

Researchers from Heinrich Heine University Düsseldorf and the German Aerospace Center have developed a new mathematical framework for quantum mechanics that relies solely on real numbers instead of complex numbers. By relaxing one overly restrictive assumption from a 2021 study that concluded imaginary numbers were indispensable, the team created an entire family of real-valued theories capable of reproducing all predictions of standard quantum mechanics. The work demonstrates that complex numbers, while convenient, are not necessarily a fundamental requirement of nature but rather one possible mathematical tool for describing quantum phenomena such as wave-particle duality, tunneling, and entanglement. The new approach maintains identical experimental outcomes for any conceivable test, making the two formulations indistinguishable through measurement alone. Although the authors do not advocate replacing the established complex-number formalism, their findings open fresh perspectives on the mathematical foundations of quantum theory and its applications in quantum computing and secure communication.

🇨🇳

From Chinese sources

Translated from Chinese

View all (7) →
Ghostcommit Attack: Malicious Prompts Hidden in PNG Images Hijack AI Coding Agents to Steal .env Secrets
🇨🇳安全客Jul 13

Ghostcommit Attack: Malicious Prompts Hidden in PNG Images Hijack AI Coding Agents to Steal .env Secrets

A novel supply-chain attack called Ghostcommit allows attackers to embed prompt-injection instructions inside PNG images, bypassing AI-powered code review tools and tricking coding agents into leaking sensitive .env configuration files and API keys. Researchers from the ASSET Research Group demonstrated that direct plaintext instructions are immediately flagged by tools such as Cursor and CodeRabbit, but splitting the payload across an AGENTS.md file and a seemingly innocuous image evades detection. The attack remains dormant until a developer later asks the agent to perform normal development tasks, at which point the agent reads the image, extracts the .env contents byte-by-byte, and outputs them as a long tuple of ASCII numbers. Testing across 11 tool-model combinations revealed that success depends primarily on the runtime framework rather than the underlying LLM, with Cursor and Antigravity leaking secrets while Claude Code successfully blocked the attack in most cases. The team also released an open-source multimodal defense prototype based on Gemma 4 that runs on a single 4 GB GPU and achieved near-perfect detection rates on both known and unknown attack samples.

Phase II of National 100-City FDE Frontier Deployment Engineer Onboarding Program Officially Launches
🇨🇳安全客Jul 12

Phase II of National 100-City FDE Frontier Deployment Engineer Onboarding Program Officially Launches

The second phase of the nationwide "Hundred Cities On-the-Job Plan" for FDE Frontier Deployment Engineers has been announced, expanding opportunities across China. The initiative targets experienced engineers specializing in advanced deployment technologies and aims to place professionals in key urban centers. Building on the success of the first phase, this new round seeks to strengthen technical capabilities in critical infrastructure and cybersecurity domains. Participants will receive structured onboarding, training, and direct placement support in multiple cities. The program underscores growing demand for specialized deployment expertise amid rapid digital transformation.

630GB of Apple Secrets Leaked on Dark Web: WorldLeaks Breach Shatters Tata Electronics Supply Chain Security
🇨🇳安全客Jul 12

630GB of Apple Secrets Leaked on Dark Web: WorldLeaks Breach Shatters Tata Electronics Supply Chain Security

In June 2026, the ransomware group WorldLeaks infiltrated Tata Electronics, Apple's key manufacturing partner in India, and exfiltrated 630GB of highly sensitive data comprising over 200,000 files that were subsequently posted on the dark web. The stolen materials include unreleased iPhone 18 Pro motherboard schematics, A20 Pro chip technical manuals, complete supplier lists, Tesla component designs, and employee passport copies, exposing the vulnerabilities in Apple's two-decade supply chain secrecy system built at a cost of billions of dollars. WorldLeaks, formerly known as Hunters International, employed a 'steal-only' tactic without encryption, capitalizing on the growing trend of data extortion that has proven more profitable than traditional ransomware. The breach raises serious concerns about Apple's ambitious India manufacturing expansion, which aims to increase local component sourcing from 10% to 50% within three years, and highlights broader risks to global supply chains involving companies such as Tesla, TSMC, and Qualcomm. Apple responded swiftly by deploying DMCA takedowns across platforms like X within 24 hours, yet the irreversible nature of dark web leaks underscores the need for enhanced supplier security audits, data segmentation, and proactive data loss prevention measures.

Iranian State-Sponsored Hackers Unveil Cavern C2 Framework: Multi-Format .NET Compilation Bypasses All Security Detection Tools
🇨🇳安全客Jul 12

Iranian State-Sponsored Hackers Unveil Cavern C2 Framework: Multi-Format .NET Compilation Bypasses All Security Detection Tools

In July 2026, Check Point Research exposed Cavern Manticore, an Iranian MOIS-linked APT group, actively targeting Israeli IT providers and government entities with a sophisticated modular C2 framework called Cavern (also known as Cav3rn). Unlike previous Iranian groups that rely on public tools, this actor built an entirely custom .NET-based framework deliberately compiled into three incompatible binary formats—pure IL, mixed-mode C++/CLI, and .NET 8 Native AOT—to force analysts to maintain multiple reverse-engineering toolchains and dramatically increase operational costs. The framework achieves near-zero detection rates on VirusTotal by avoiding traditional obfuscation and instead weaponizing compilation formats themselves, with modules running in isolated AppDomains that leave no persistent artifacts. Attackers gain initial access through compromised RMM solutions such as SysAid, abusing legitimate update mechanisms to sideload the Cavern Agent disguised as uxtheme.dll via a WinDirStat DLL side-loading chain. Communication uses XOR encryption with Base64 encoding, fixed Edge User-Agent strings, custom headers, and a unique protocol syntax, while supporting hot updates and aggressive cleanup. The campaign coincides with parallel operations by MuddyWater against regional targets, highlighting Iran’s coordinated escalation in cyberspace and the growing threat of supply-chain trust abuse against MSPs and RMM platforms worldwide.

Medtronic Cyberattack Exposes Patient Data: Six-Day Breach Puts Social Security Numbers and Health Records at Risk
🇨🇳安全客Jul 12

Medtronic Cyberattack Exposes Patient Data: Six-Day Breach Puts Social Security Numbers and Health Records at Risk

In April 2026, medical device giant Medtronic suffered a cyber intrusion that lasted six days, allowing unauthorized access to backend IT systems containing sensitive patient information. The breach, discovered on April 19 after beginning on April 13, exposed names, contact details, birth dates, Social Security numbers, and health treatment data linked to devices such as pacemakers, insulin pumps, and neurostimulators. Although the medical devices themselves remain unaffected and show no signs of remote tampering, the leaked data poses severe risks of identity theft, financial fraud, and targeted scams that could persist for years. Medtronic has initiated emergency response measures, engaged external experts, and notified law enforcement and regulators, while offering 24 months of free identity monitoring to affected users. The incident highlights how even large enterprises struggle with securing ordinary office IT systems that store critical patient records, underscoring the need for individuals to monitor accounts and adopt stronger security habits.

Top 10 Security Risks Facing Autonomous AI Agents: From Prompt Injection to Compliance Failures
🇨🇳安全客Jul 12

Top 10 Security Risks Facing Autonomous AI Agents: From Prompt Injection to Compliance Failures

As AI evolves from conversational large language models to autonomous agents capable of planning trips, writing reports, browsing the web, and executing purchases, a new wave of unprecedented security challenges emerges. These agents can invoke tools, access databases, run code, and autonomously chain tasks, making any vulnerability far more consequential than traditional AI systems. The article systematically outlines ten core risks, including prompt injection, excessive permissions, unsafe tool calls, data leaks, hallucinations leading to irreversible errors, supply chain attacks, multi-agent trust abuse, persistence and self-replication, session hijacking with memory poisoning, and regulatory compliance gaps. It emphasizes that agent security is no longer optional but requires immediate threat modeling, red teaming, permission audits, and adherence to frameworks like OWASP LLM Top 10 and NIST AI RMF. Developers, enterprises, and users must act swiftly to mitigate these expanding attack surfaces before autonomous capabilities outpace defensive measures.