Information security

[ follow ]
#russian-hackers #power-grid #power-grid-attack #input-validation #cve-2022-2856 #phishing
#cybersecurity
Information security
fromThe Hacker News
1 hour ago

UNC6692 Impersonates IT Helpdesk via Microsoft Teams to Deploy SNOW Malware

UNC6692 uses social engineering via Microsoft Teams to deploy malware, targeting senior employees with email spam and impersonation tactics.
Information security
fromTheregister
1 hour ago

China-linked crews turn routers into covert attack proxies

China-linked threat actors exploit compromised routers and IoT devices to create proxy networks for cyber intrusions and data theft.
Information security
fromThe Hacker News
5 hours ago

ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories

Supply chain vulnerabilities and AI tools exacerbate ongoing cyber threats, including state-backed crypto heists and active remote code execution exploits.
Information security
fromComputerWeekly.com
8 hours ago

Chinese hackers using compromised networks to spy on Western companies, says Five Eyes | Computer Weekly

China-linked hackers are using vulnerable internet-connected devices to obscure espionage and hacking operations against Western organizations.
Information security
fromThe Hacker News
1 hour ago

UNC6692 Impersonates IT Helpdesk via Microsoft Teams to Deploy SNOW Malware

UNC6692 uses social engineering via Microsoft Teams to deploy malware, targeting senior employees with email spam and impersonation tactics.
Information security
fromTheregister
1 hour ago

China-linked crews turn routers into covert attack proxies

China-linked threat actors exploit compromised routers and IoT devices to create proxy networks for cyber intrusions and data theft.
Information security
fromThe Hacker News
5 hours ago

ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories

Supply chain vulnerabilities and AI tools exacerbate ongoing cyber threats, including state-backed crypto heists and active remote code execution exploits.
Information security
fromComputerWeekly.com
8 hours ago

Chinese hackers using compromised networks to spy on Western companies, says Five Eyes | Computer Weekly

China-linked hackers are using vulnerable internet-connected devices to obscure espionage and hacking operations against Western organizations.
more#cybersecurity
Information security
fromIT Brew
3 minutes ago

Asking around: When does ransomware threat intelligence become noise?

Effective threat intelligence requires filtering information relevant to specific market segments to avoid overwhelming alerts.
#ai-security
Information security
fromFortune
2 hours ago

Security experts head to D.C. to debate standards for securing AI systems as Mythos raises the stakes | Fortune

AI systems are becoming attractive targets for adversaries, with vulnerabilities discovered faster than developers can respond.
Information security
fromTNW | Anthropic
1 day ago

Unauthorized users gained access to Anthropic's restricted Mythos AI model

Unauthorized users accessed Claude Mythos Preview by guessing its URL, raising concerns about security in AI model access.
Information security
fromThe Verge
1 day ago

Anthropic's most dangerous AI model just fell into the wrong hands

Mythos AI model accessed by unauthorized users, raising cybersecurity concerns about its potential misuse.
Information security
fromSecuritymagazine
1 day ago

Unauthorized Users Accessed Claude Mythos, New Reports Suggest

Unauthorized access to Anthropic's AI model, Claude Mythos Preview, raises security concerns among experts due to its ability to identify digital vulnerabilities.
Information security
fromFortune
2 hours ago

Security experts head to D.C. to debate standards for securing AI systems as Mythos raises the stakes | Fortune

AI systems are becoming attractive targets for adversaries, with vulnerabilities discovered faster than developers can respond.
Information security
fromTNW | Anthropic
1 day ago

Unauthorized users gained access to Anthropic's restricted Mythos AI model

Unauthorized users accessed Claude Mythos Preview by guessing its URL, raising concerns about security in AI model access.
Information security
fromThe Verge
1 day ago

Anthropic's most dangerous AI model just fell into the wrong hands

Mythos AI model accessed by unauthorized users, raising cybersecurity concerns about its potential misuse.
Information security
fromSecuritymagazine
1 day ago

Unauthorized Users Accessed Claude Mythos, New Reports Suggest

Unauthorized access to Anthropic's AI model, Claude Mythos Preview, raises security concerns among experts due to its ability to identify digital vulnerabilities.
more#ai-security
Information security
fromInfoWorld
6 hours ago

Offer customers passkeys by default, UK's NCSC tells enterprises

Passkeys are recommended as the primary authentication method due to their security against phishing and credential reuse.
Information security
fromThe Hacker News
10 hours ago

Vercel Finds More Compromised Accounts in Context.ai-Linked Breach

Vercel identified additional compromised customer accounts linked to a security incident involving unauthorized access to its internal systems.
#malware
Information security
fromInfoWorld
19 hours ago

Malicious pgserve, automagik developer tools found in npm registry

Malicious npm packages aim to steal sensitive data and credentials, potentially leading to complete organizational takeovers.
Information security
fromTechRepublic
1 day ago

Fake Google Antigravity Installer Can Steal Accounts in Minutes

A fake Google Antigravity download exposes user accounts to compromise by delivering malware alongside the legitimate application.
Information security
fromInfoWorld
19 hours ago

Malicious pgserve, automagik developer tools found in npm registry

Malicious npm packages aim to steal sensitive data and credentials, potentially leading to complete organizational takeovers.
Information security
fromTechRepublic
1 day ago

Fake Google Antigravity Installer Can Steal Accounts in Minutes

A fake Google Antigravity download exposes user accounts to compromise by delivering malware alongside the legitimate application.
more#malware
#data-breach
fromTechCrunch
5 hours ago
Information security

Vercel says some of its customers' data was stolen prior to its recent hack | TechCrunch

Information security
fromTechCrunch
5 hours ago

Vercel says some of its customers' data was stolen prior to its recent hack | TechCrunch

Vercel experienced a data breach affecting customer accounts, with evidence of prior compromises suggesting broader security implications.
more#data-breach
#artificial-intelligence
fromFortune
9 hours ago
Information security

Former national cyber director: Anthropic's 'Mythos' AI can hack nearly anything and we aren't ready | Fortune

Information security
fromFortune
1 day ago

The Mythos meeting focused on the wrong AI risk to banks. Here's the one nobody is talking about | Fortune

Artificial intelligence is transforming fraud into a machine-driven, scalable threat, posing risks beyond traditional cyber attacks.
Information security
fromFortune
9 hours ago

Former national cyber director: Anthropic's 'Mythos' AI can hack nearly anything and we aren't ready | Fortune

Mythos, Anthropic's advanced AI model, poses significant risks to critical infrastructure, necessitating urgent investment and collaboration to enhance cybersecurity.
Information security
fromFortune
1 day ago

The Mythos meeting focused on the wrong AI risk to banks. Here's the one nobody is talking about | Fortune

Artificial intelligence is transforming fraud into a machine-driven, scalable threat, posing risks beyond traditional cyber attacks.
more#artificial-intelligence
Information security
fromForbes
5 hours ago

How To Spot A Fake Candidate Before You Hire One

Deepfake technology is increasingly used in hiring fraud, posing significant challenges for recruiters and companies.
#ai
fromInfoWorld
18 hours ago
Information security

Claude Mythos signals a new era in AI-driven security, finding 271 flaws in Firefox

Information security
fromSecurityWeek
10 hours ago

AI Can Autonomously Hack Cloud Systems With Minimal Oversight: Researchers

AI systems can autonomously hack cloud environments, demonstrating advanced capabilities in executing sophisticated attacks without specific instructions.
Information security
fromFast Company
1 day ago

Brace yourself for a flood of patches in all of your tech gadgets

Mythos, Anthropic's AI model, identifies software vulnerabilities, prompting urgent updates to prevent exploitation by hackers.
Information security
fromInfoWorld
18 hours ago

Claude Mythos signals a new era in AI-driven security, finding 271 flaws in Firefox

AI has exposed hundreds of vulnerabilities in Mozilla's Firefox browser, highlighting both cybersecurity advancements and dual-use risks.
Information security
fromComputerworld
18 hours ago

Claude Mythos signals a new era in AI-driven security, finding 271 flaws in Firefox

AI has exposed hundreds of vulnerabilities in Mozilla's Firefox browser, highlighting both cybersecurity advancements and dual-use risks.
Information security
fromSecurityWeek
10 hours ago

AI Can Autonomously Hack Cloud Systems With Minimal Oversight: Researchers

AI systems can autonomously hack cloud environments, demonstrating advanced capabilities in executing sophisticated attacks without specific instructions.
Information security
fromFast Company
1 day ago

Brace yourself for a flood of patches in all of your tech gadgets

Mythos, Anthropic's AI model, identifies software vulnerabilities, prompting urgent updates to prevent exploitation by hackers.
more#ai
Information security
fromSecurityWeek
12 hours ago

Recent Microsoft Defender Vulnerability Exploited as Zero-Day

A zero-day vulnerability in Microsoft Defender, tracked as CVE-2026-33825, allows privilege escalation through a flaw named BlueHammer.
Information security
fromTechCrunch
8 hours ago

Surveillance vendors caught abusing access to telcos to track people's phone locations, researchers say | TechCrunch

Two spying campaigns exploit telecom infrastructure weaknesses to track individuals' locations, revealing ongoing vulnerabilities in global phone networks.
Information security
fromSecuritymagazine
20 hours ago

NIST's New Prioritization Criteria for CVEs, Examined by Experts

NIST is changing its approach to handling cybersecurity vulnerabilities by prioritizing certain CVEs for immediate enrichment in the National Vulnerability Database.
fromSecuritymagazine
20 hours ago

Operationally Ineffective: Putting CVEs in a Chokehold with Privilege Disruption

A Common Vulnerability Exposure (CVE) that cannot reach the privilege plane is operationally ineffective - even at a CVSS Score of 10. This should be a core philosophy that is embedded into the fabric of software engineering.
Information security
Information security
fromTechRepublic
23 hours ago

Microsoft Patch Still Leaves 1,300 SharePoint Servers Exposed

Over 1,300 internet-exposed Microsoft SharePoint servers remain unpatched against a spoofing flaw, CVE-2026-32201, posing significant security risks.
Information security
fromDeveloper Tech News
1 day ago

Check Point: AI coding assistants are leaking API keys

AI coding assistants are unintentionally leaking sensitive internal data, including API keys, by ingesting entire workspaces without recognizing sensitive files.
#microsoft
Information security
fromArs Technica
1 day ago

Microsoft issues emergency update for macOS and Linux ASP.NET threat

Microsoft released an emergency patch for ASP.NET Core to fix a high-severity vulnerability allowing unauthenticated attackers to gain SYSTEM privileges.
Information security
fromThe Hacker News
1 day ago

Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug

Microsoft released updates to fix a critical security vulnerability in ASP.NET Core that allows privilege escalation for unauthorized attackers.
Information security
fromNextgov.com
1 day ago

Microsoft to test third-party AI models for incorporation in its security offerings

Microsoft is evaluating third-party AI systems to enhance its cybersecurity measures against AI-driven threats.
Information security
fromArs Technica
1 day ago

Microsoft issues emergency update for macOS and Linux ASP.NET threat

Microsoft released an emergency patch for ASP.NET Core to fix a high-severity vulnerability allowing unauthenticated attackers to gain SYSTEM privileges.
Information security
fromThe Hacker News
1 day ago

Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug

Microsoft released updates to fix a critical security vulnerability in ASP.NET Core that allows privilege escalation for unauthorized attackers.
Information security
fromNextgov.com
1 day ago

Microsoft to test third-party AI models for incorporation in its security offerings

Microsoft is evaluating third-party AI systems to enhance its cybersecurity measures against AI-driven threats.
more#microsoft
Information security
fromComputerWeekly.com
1 day ago

A tsunami of flaws: When frontier AI and Patch Tuesday collide | Computer Weekly

April 2025 Patch Tuesday update was the second-largest in history, addressing over 160 vulnerabilities, with AI tools potentially driving the increase.
Information security
fromWIRED
1 day ago

AI Tools Are Helping Mediocre North Korean Hackers Steal Millions

AI tools have enabled unskilled hackers to execute sophisticated cybercrime operations, resulting in significant financial theft.
Information security
fromTechRepublic
1 day ago

Malicious TikTok Downloader Extensions Quietly Compromised 130K Users

Browser extensions disguised as TikTok video downloaders are compromising user data, highlighting vulnerabilities in enterprise security.
Information security
fromZDNET
1 day ago

The shadowy SIM farms behind those incessant scam texts - and how to stay safe

SIM farms are used by cybercriminals for financial fraud, spam, phishing, and online product scalping.
Information security
fromTheregister
21 hours ago

Another npm supply chain worm hits dev environments

A new npm supply-chain attack targets developer workflows, compromising multiple packages and stealing sensitive data, with similarities to previous CanisterWorm infections.
Information security
fromComputerWeekly.com
1 day ago

Interview: Critical local infrastructure is missing link in UK cyber resilience | Computer Weekly

Local infrastructure in the UK is vulnerable to cyber attacks, risking severe disruption to essential services and public safety.
Information security
fromnews.bitcoin.com
1 day ago

Mach-O Man Malware Steals macOS Keychain Data in Lazarus Group Crypto Campaign

North Korea's Lazarus Group deployed Mach-O Man malware targeting macOS users in crypto and fintech roles in April 2026.
Information security
fromZDNET
1 day ago

Google brings Auto Browse and Skills to Chrome Enterprise - and a new 'Gemini Summary'

Chrome Enterprise introduces AI features to automate tasks and enhance IT control over workplace AI tools.
#security
Information security
fromInfoWorld
1 day ago

Microsoft issues out-of-band patch for critical security flaw in update to ASP.NET Core

Long-lived tokens in applications can be exploited by attackers to gain unauthorized access and issue legitimate tokens.
Information security
fromThe Hacker News
1 day ago

Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape

A critical vulnerability in the Terrarium Python sandbox allows arbitrary code execution with root privileges, rated 9.3 on the CVSS scale.
Information security
fromInfoWorld
1 day ago

Microsoft issues out-of-band patch for critical security flaw in update to ASP.NET Core

Long-lived tokens in applications can be exploited by attackers to gain unauthorized access and issue legitimate tokens.
Information security
fromThe Hacker News
1 day ago

Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape

A critical vulnerability in the Terrarium Python sandbox allows arbitrary code execution with root privileges, rated 9.3 on the CVSS scale.
more#security
Information security
fromTechzine Global
1 day ago

As Mythos fixes Mozilla flaws, unauthorized access spells disaster

Firefox's Claude Mythos Preview addresses 271 vulnerabilities, but unauthorized access raises concerns about potential misuse by threat actors.
Information security
fromThe Hacker News
1 day ago

Mustang Panda's New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles

A new variant of LOTUSLITE malware targets India's banking sector, focusing on espionage rather than financial gain.
Information security
fromnews.bitcoin.com
1 day ago

Volo Protocol Loses $3.5 Million in Sui Blockchain Exploit, Blocks WBTC Bridge Attempt

Volo Protocol lost $3.5 million due to a compromised vault admin private key, but will absorb the losses without impacting users.
Information security
fromSecurityWeek
1 day ago

North Korean Hackers Use AppleScript, ClickFix in Fresh macOS Attacks

North Korean hackers are targeting macOS users in financial organizations using social engineering techniques to install information-stealing malware.
Information security
fromThe Verge
1 day ago

Anthropic's Mythos rollout has missed America's cyberscurity agency

CISA lacks access to Anthropic's cybersecurity model, raising concerns about its prioritization and effectiveness in digital security.
fromTNW | Anthropic
1 day ago
Information security

Mozilla fixes 271 Firefox vulnerabilities found by Anthropic's Claude Mythos in a single evaluation pass

Mozilla's Firefox 150 fixes 271 security vulnerabilities identified by Anthropic's AI model, Mythos, showcasing the model's effectiveness in vulnerability detection.
Information security
fromSecurityWeek
1 day ago

Google Antigravity in Crosshairs of Security Researchers, Cybercriminals

Google Antigravity's vulnerabilities have attracted both security researchers and cybercriminals, leading to risks of remote code execution and malware delivery.
Information security
fromSecurityWeek
1 day ago

Are SBOMs Failing? Supply Chain Attacks Rise as Security Teams Struggle With SBOM Data

SBOMs and VEX statements fail to enhance software supply chain security due to poor decision-making and inconsistent interpretation of available data.
#openclaw
more#openclaw
Information security
fromSecurityWeek
1 day ago

Oracle Patches 450 Vulnerabilities With April 2026 CPU

Oracle released 481 new security patches in April 2026, addressing vulnerabilities across 28 product families, with many remotely exploitable without authentication.
Information security
fromSecurityWeek
1 day ago

Mirai Botnet Targets Flaw in Discontinued D-Link Routers

A Mirai botnet exploits a command injection vulnerability in discontinued D-Link routers, posing risks to connected devices.
fromEngadget
1 day ago

Anthropic is investigating 'unauthorized access' of its Mythos cybersecurity tool

We're investigating a report claiming unauthorized access to Claude Mythos Previous through one of our third-party vendor environments.
Information security
Information security
fromAxios
1 day ago

Exclusive: OpenAI briefs feds and Five Eyes on new cyber product

OpenAI demonstrated its GPT-5.4-Cyber model to federal cyber defense practitioners, emphasizing a dual-track access approach for government and commercial users.
fromwww.housingwire.com
1 day ago

How fraud gets stopped in its tracks by real estate and title pros

In 2025, the FBI's Internet Crime Complaint Center logged 1,008,597 cyber-enabled crime complaints, with losses surpassing $20.8 billion, marking a 26% rise from the prior year.
Information security
Information security
fromTechzine Global
1 day ago

Nextcloud ends bug bounty program due to too many low-quality reports

Nextcloud is ending its bug bounty program on HackerOne due to an influx of low-quality, AI-generated vulnerability reports.
Information security
fromNextgov.com
1 day ago

Cyber Command carried out over 8,000 missions in 2025, director says

U.S. Cyber Command conducted over 8,000 missions in 2025, marking a 25% increase from 2024, with expectations for further growth in 2026.
Information security
fromThe Hacker News
2 days ago

SystemBC C2 Server Reveals 1,570+ Victims in The Gentlemen Ransomware Operation

The Gentlemen ransomware group uses SystemBC malware to target over 1,570 victims, employing sophisticated tactics for initial access and lateral movement.
Information security
fromTheregister
2 days ago

macOS ClickFix attacks deliver AppleScript stealers

A ClickFix campaign targets macOS users with an AppleScript infostealer that collects sensitive data from various browsers and cryptocurrency wallets.
Information security
fromComputerWeekly.com
2 days ago

Anthropic's Mythos raises the stakes for security validation | Computer Weekly

The rise of autonomous AI in security introduces unpredictability, complicating the validation of defenses against evolving threats.
[ Load more ]