Information security

[ follow ]
#russian-hackers #power-grid #power-grid-attack #input-validation #cve-2022-2856 #phishing
#cybersecurity
Information security
fromWIRED
15 hours ago

Discord Sleuths Gained Unauthorized Access to Anthropic's Mythos

Mozilla used Anthropic's Mythos Preview to fix 271 vulnerabilities in Firefox 150, while North Korean hackers exploited AI for cybercrime.
Information security
fromFortune
1 day ago

Mythos access by Discord group reveals real danger of AI-powered hacking | Fortune

Unauthorized access to AI models exposes vulnerabilities in cybersecurity, highlighting the rapid pace of AI-driven exploitation of flaws.
Information security
fromBusiness Matters
1 day ago

Why Effective Patch Management Is Critical for Cybersecurity in 2026

Timely patch management is essential for protecting digital assets and maintaining business continuity against evolving cyber threats.
Information security
fromThe Hacker News
1 day ago

FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches

A federal agency's Cisco Firepower device was compromised by the FIRESTARTER malware, enabling remote access and control through exploited vulnerabilities.
Information security
fromWIRED
15 hours ago

Discord Sleuths Gained Unauthorized Access to Anthropic's Mythos

Mozilla used Anthropic's Mythos Preview to fix 271 vulnerabilities in Firefox 150, while North Korean hackers exploited AI for cybercrime.
Information security
fromThe Hacker News
19 hours ago

CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline

CISA added four vulnerabilities to its KEV catalog, indicating active exploitation affecting SimpleHelp, Samsung MagicINFO 9 Server, and D-Link routers.
Information security
fromFortune
1 day ago

Mythos access by Discord group reveals real danger of AI-powered hacking | Fortune

Unauthorized access to AI models exposes vulnerabilities in cybersecurity, highlighting the rapid pace of AI-driven exploitation of flaws.
Information security
fromBusiness Matters
1 day ago

Why Effective Patch Management Is Critical for Cybersecurity in 2026

Timely patch management is essential for protecting digital assets and maintaining business continuity against evolving cyber threats.
Information security
fromThe Hacker News
1 day ago

FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches

A federal agency's Cisco Firepower device was compromised by the FIRESTARTER malware, enabling remote access and control through exploited vulnerabilities.
more#cybersecurity
Information security
fromSecurityWeek
15 hours ago

China-Linked APT GopherWhisper Abuses Legitimate Services in Government Attacks

GopherWhisper is a newly identified APT using legitimate services for command-and-control communication and data exfiltration, primarily targeting a Mongolian government entity.
#malware
Information security
fromSecurityWeek
1 day ago

Pre-Stuxnet Sabotage Malware 'Fast16' Linked to US-Iran Cyber Tensions

Fast16 is a Lua-based malware discovered by SentinelOne, predating Stuxnet, designed to tamper with high-precision software.
Information security
fromTheregister
1 day ago

CISA, NCSC issue Firestarter backdoor warning

Firestarter malware targets a US federal agency, maintaining persistent access to compromised devices, posing risks to government and critical infrastructure.
Information security
fromTheregister
1 day ago

Researchers find sabotage malware that may predate Stuxnet

Malware named fast16 aims to sabotage engineering and physics simulation software, predating Stuxnet and targeting high-precision tools.
Information security
fromInfoWorld
3 days ago

Malicious pgserve, automagik developer tools found in npm registry

Malicious npm packages aim to steal sensitive data and credentials, potentially leading to complete organizational takeovers.
Information security
fromTechRepublic
3 days ago

Fake Google Antigravity Installer Can Steal Accounts in Minutes

A fake Google Antigravity download exposes user accounts to compromise by delivering malware alongside the legitimate application.
Information security
fromSecurityWeek
1 day ago

Pre-Stuxnet Sabotage Malware 'Fast16' Linked to US-Iran Cyber Tensions

Fast16 is a Lua-based malware discovered by SentinelOne, predating Stuxnet, designed to tamper with high-precision software.
Information security
fromTheregister
1 day ago

CISA, NCSC issue Firestarter backdoor warning

Firestarter malware targets a US federal agency, maintaining persistent access to compromised devices, posing risks to government and critical infrastructure.
Information security
fromTheregister
1 day ago

Researchers find sabotage malware that may predate Stuxnet

Malware named fast16 aims to sabotage engineering and physics simulation software, predating Stuxnet and targeting high-precision tools.
Information security
fromInfoWorld
3 days ago

Malicious pgserve, automagik developer tools found in npm registry

Malicious npm packages aim to steal sensitive data and credentials, potentially leading to complete organizational takeovers.
Information security
fromTechRepublic
3 days ago

Fake Google Antigravity Installer Can Steal Accounts in Minutes

A fake Google Antigravity download exposes user accounts to compromise by delivering malware alongside the legitimate application.
more#malware
fromnews.bitcoin.com
6 hours ago

Five Major DeFi Protocols Ask Arbitrum DAO to Free 30,765 ETH Locked After rsETH Bridge Bug

The KelpDAO rsETH Unichain-to-Ethereum bridge released 116,500 rsETH on Ethereum without a corresponding source-side burn, breaking the core bridge invariant that Ethereum-side locked rsETH should cover remote-chain minted supply.
Information security
#ai-security
fromZDNET
2 days ago
Information security

How indirect prompt injection attacks on AI work - and 6 ways to shut them down

fromFortune
2 days ago
Information security

Security experts head to D.C. to debate standards for securing AI systems as Mythos raises the stakes | Fortune

Information security
fromZDNET
2 days ago

How indirect prompt injection attacks on AI work - and 6 ways to shut them down

Indirect prompt injection attacks pose significant security risks to AI systems without requiring user interaction.
Information security
fromFortune
2 days ago

Security experts head to D.C. to debate standards for securing AI systems as Mythos raises the stakes | Fortune

AI systems are becoming attractive targets for adversaries, with vulnerabilities discovered faster than developers can respond.
Information security
fromTheregister
3 days ago

Anthropic Mythos shaping up as nothingburger

Anthropic's Mythos model is under scrutiny due to unauthorized access concerns, despite its intended purpose of identifying vulnerabilities.
more#ai-security
#bitwarden
Information security
fromSecurityWeek
1 day ago

Bitwarden NPM Package Hit in Supply Chain Attack

The Bitwarden CLI NPM package was compromised, enabling credential theft through a malicious payload targeting various cloud services and GitHub repositories.
Information security
fromSecurityWeek
1 day ago

Bitwarden NPM Package Hit in Supply Chain Attack

The Bitwarden CLI NPM package was compromised, enabling credential theft through a malicious payload targeting various cloud services and GitHub repositories.
more#bitwarden
Information security
fromThe Hacker News
1 day ago

LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure

A high-severity SSRF vulnerability in LMDeploy is actively exploited, allowing attackers to access sensitive data and internal networks.
Information security
fromSecurityWeek
1 day ago

Why Cybersecurity Must Rethink Defense in the Age of Autonomous Agents

Agentic AI is transforming cybersecurity, presenting both opportunities for defenders and risks for attackers, necessitating a strategic response from the industry.
Information security
fromSecurityWeek
1 day ago

US Federal Agency's Cisco Firewall Infected With 'Firestarter' Backdoor

A US federal agency was infected with malware due to vulnerabilities in Cisco firewalls linked to a China-backed espionage campaign.
Information security
fromTheregister
1 day ago

Attackers could disable all of a city's public EV chargers

Rented IoT infrastructure prioritizes user convenience over security, exposing them to denial of service attacks and vulnerabilities.
#microsoft
Information security
fromArs Technica
3 days ago

Microsoft issues emergency update for macOS and Linux ASP.NET threat

Microsoft released an emergency patch for ASP.NET Core to fix a high-severity vulnerability allowing unauthenticated attackers to gain SYSTEM privileges.
Information security
fromThe Hacker News
3 days ago

Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug

Microsoft released updates to fix a critical security vulnerability in ASP.NET Core that allows privilege escalation for unauthorized attackers.
Information security
fromArs Technica
3 days ago

Microsoft issues emergency update for macOS and Linux ASP.NET threat

Microsoft released an emergency patch for ASP.NET Core to fix a high-severity vulnerability allowing unauthenticated attackers to gain SYSTEM privileges.
Information security
fromThe Hacker News
3 days ago

Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug

Microsoft released updates to fix a critical security vulnerability in ASP.NET Core that allows privilege escalation for unauthorized attackers.
more#microsoft
Information security
fromnews.bitcoin.com
1 day ago

Sonic Builds Quantum-Ready Blockchain With Simpler Architecture

Sonic redesigns proof-of-stake to enhance quantum resilience, shifting from elliptic curve to hash-based schemes for improved security.
Information security
fromTechzine Global
1 day ago

Agentic AI is reshaping the network - and it's time to upgrade

Wireless connectivity is essential for AI, transforming industries and requiring strategic management to address complexity and security risks.
fromSecurityWeek
1 day ago

Vulnerabilities Patched in CrowdStrike, Tenable Products

CrowdStrike published an advisory for CVE-2026-40050, a critical unauthenticated path traversal vulnerability affecting its LogScale product. The flaw can allow a remote attacker to read arbitrary files from the server filesystem.
Information security
Information security
fromSecurityWeek
1 day ago

Locked Shields 2026: 41 Nations Strengthen Cyber Resilience in World's Biggest Exercise

Locked Shields 2026 tested cyber defense capabilities of 4,000 participants from 41 nations against simulated cyberattacks on critical infrastructure.
Information security
fromFast Company
2 days ago

1Password sees AI as both threat and tool

AI presents both risks and opportunities for password management, requiring firms to balance security with the potential for careless app development.
Information security
fromIT Brew
2 days ago

Asking around: When does ransomware threat intelligence become noise?

Effective threat intelligence requires filtering information relevant to specific market segments to avoid overwhelming alerts.
Information security
fromInfoWorld
2 days ago

Offer customers passkeys by default, UK's NCSC tells enterprises

Passkeys are recommended as the primary authentication method due to their security against phishing and credential reuse.
Information security
fromThe Hacker News
2 days ago

Vercel Finds More Compromised Accounts in Context.ai-Linked Breach

Vercel identified additional compromised customer accounts linked to a security incident involving unauthorized access to its internal systems.
Information security
fromTechCrunch
2 days ago

Vercel says some of its customers' data was stolen prior to its recent hack | TechCrunch

Vercel experienced a data breach affecting customer accounts, with evidence of prior compromises suggesting broader security implications.
#artificial-intelligence
fromFortune
2 days ago
Information security

Former national cyber director: Anthropic's 'Mythos' AI can hack nearly anything and we aren't ready | Fortune

Information security
fromFortune
3 days ago

The Mythos meeting focused on the wrong AI risk to banks. Here's the one nobody is talking about | Fortune

Artificial intelligence is transforming fraud into a machine-driven, scalable threat, posing risks beyond traditional cyber attacks.
Information security
fromFortune
2 days ago

Former national cyber director: Anthropic's 'Mythos' AI can hack nearly anything and we aren't ready | Fortune

Mythos, Anthropic's advanced AI model, poses significant risks to critical infrastructure, necessitating urgent investment and collaboration to enhance cybersecurity.
Information security
fromFortune
3 days ago

The Mythos meeting focused on the wrong AI risk to banks. Here's the one nobody is talking about | Fortune

Artificial intelligence is transforming fraud into a machine-driven, scalable threat, posing risks beyond traditional cyber attacks.
more#artificial-intelligence
Information security
fromnews.bitcoin.com
2 days ago

Beyond the Breach: Why rsETH's Depegging Demands a New Standard for Bridge Security

KelpDAO's rsETH depegged after a breach, highlighting the need for improved bridge security in collateral risk management.
Information security
fromForbes
2 days ago

How To Spot A Fake Candidate Before You Hire One

Deepfake technology is increasingly used in hiring fraud, posing significant challenges for recruiters and companies.
#ai
fromInfoWorld
3 days ago
Information security

Claude Mythos signals a new era in AI-driven security, finding 271 flaws in Firefox

Information security
fromSecurityWeek
2 days ago

AI Can Autonomously Hack Cloud Systems With Minimal Oversight: Researchers

AI systems can autonomously hack cloud environments, demonstrating advanced capabilities in executing sophisticated attacks without specific instructions.
Information security
fromFast Company
3 days ago

Brace yourself for a flood of patches in all of your tech gadgets

Mythos, Anthropic's AI model, identifies software vulnerabilities, prompting urgent updates to prevent exploitation by hackers.
Information security
fromnews.bitcoin.com
2 days ago

From Scripts to Swarms: Why AI Is Breaking Traditional Sybil Defenses

AI agents will centralize identity management, enhancing security against Sybil attacks through advanced automation and dynamic behavior.
Information security
fromInfoWorld
3 days ago

Claude Mythos signals a new era in AI-driven security, finding 271 flaws in Firefox

AI has exposed hundreds of vulnerabilities in Mozilla's Firefox browser, highlighting both cybersecurity advancements and dual-use risks.
Information security
fromComputerworld
3 days ago

Claude Mythos signals a new era in AI-driven security, finding 271 flaws in Firefox

AI has exposed hundreds of vulnerabilities in Mozilla's Firefox browser, highlighting both cybersecurity advancements and dual-use risks.
Information security
fromSecurityWeek
2 days ago

AI Can Autonomously Hack Cloud Systems With Minimal Oversight: Researchers

AI systems can autonomously hack cloud environments, demonstrating advanced capabilities in executing sophisticated attacks without specific instructions.
Information security
fromFast Company
3 days ago

Brace yourself for a flood of patches in all of your tech gadgets

Mythos, Anthropic's AI model, identifies software vulnerabilities, prompting urgent updates to prevent exploitation by hackers.
more#ai
Information security
fromSecurityWeek
2 days ago

Recent Microsoft Defender Vulnerability Exploited as Zero-Day

A zero-day vulnerability in Microsoft Defender, tracked as CVE-2026-33825, allows privilege escalation through a flaw named BlueHammer.
Information security
fromTechCrunch
2 days ago

Surveillance vendors caught abusing access to telcos to track people's phone locations, researchers say | TechCrunch

Two spying campaigns exploit telecom infrastructure weaknesses to track individuals' locations, revealing ongoing vulnerabilities in global phone networks.
Information security
fromSecuritymagazine
3 days ago

NIST's New Prioritization Criteria for CVEs, Examined by Experts

NIST is changing its approach to handling cybersecurity vulnerabilities by prioritizing certain CVEs for immediate enrichment in the National Vulnerability Database.
fromSecuritymagazine
3 days ago

Operationally Ineffective: Putting CVEs in a Chokehold with Privilege Disruption

A Common Vulnerability Exposure (CVE) that cannot reach the privilege plane is operationally ineffective - even at a CVSS Score of 10. This should be a core philosophy that is embedded into the fabric of software engineering.
Information security
fromTheregister
2 days ago

Dev targeted by sophisticated job scam

Vujičić noted that he receives daily messages about job offers, with a personal record of eight in one day, indicating the prevalence of recruitment scams targeting crypto professionals.
Information security
Information security
fromArs Technica
2 days ago

Now, even ransomware is using post-quantum cryptography

Kyber's use of PQC key-exchange algorithms serves more as a marketing tactic than a practical security measure against imminent quantum threats.
Information security
fromTechRepublic
3 days ago

Microsoft Patch Still Leaves 1,300 SharePoint Servers Exposed

Over 1,300 internet-exposed Microsoft SharePoint servers remain unpatched against a spoofing flaw, CVE-2026-32201, posing significant security risks.
Information security
fromDeveloper Tech News
3 days ago

Check Point: AI coding assistants are leaking API keys

AI coding assistants are unintentionally leaking sensitive internal data, including API keys, by ingesting entire workspaces without recognizing sensitive files.
Information security
fromComputerWeekly.com
3 days ago

A tsunami of flaws: When frontier AI and Patch Tuesday collide | Computer Weekly

April 2025 Patch Tuesday update was the second-largest in history, addressing over 160 vulnerabilities, with AI tools potentially driving the increase.
Information security
fromWIRED
3 days ago

AI Tools Are Helping Mediocre North Korean Hackers Steal Millions

AI tools have enabled unskilled hackers to execute sophisticated cybercrime operations, resulting in significant financial theft.
Information security
fromTechRepublic
3 days ago

Malicious TikTok Downloader Extensions Quietly Compromised 130K Users

Browser extensions disguised as TikTok video downloaders are compromising user data, highlighting vulnerabilities in enterprise security.
Information security
fromZDNET
3 days ago

The shadowy SIM farms behind those incessant scam texts - and how to stay safe

SIM farms are used by cybercriminals for financial fraud, spam, phishing, and online product scalping.
Information security
fromTheregister
3 days ago

Another npm supply chain worm hits dev environments

A new npm supply-chain attack targets developer workflows, compromising multiple packages and stealing sensitive data, with similarities to previous CanisterWorm infections.
Information security
fromComputerWeekly.com
3 days ago

Interview: Critical local infrastructure is missing link in UK cyber resilience | Computer Weekly

Local infrastructure in the UK is vulnerable to cyber attacks, risking severe disruption to essential services and public safety.
Information security
fromZDNET
3 days ago

Google brings Auto Browse and Skills to Chrome Enterprise - and a new 'Gemini Summary'

Chrome Enterprise introduces AI features to automate tasks and enhance IT control over workplace AI tools.
Information security
fromInfoWorld
3 days ago

Microsoft issues out-of-band patch for critical security flaw in update to ASP.NET Core

Long-lived tokens in applications can be exploited by attackers to gain unauthorized access and issue legitimate tokens.
[ Load more ]