Information security
Information security

5 hours ago

Mercor says it was 'one of thousands' hit in LiteLLM attack

Mercor confirmed it was affected by the LiteLLM supply-chain attack, with significant data theft by the Lapsus$ group.

PyPI Supply Chain Attack Compromises LiteLLM, Enabling the Exfiltration of Sensitive Information

A supply chain attack on LiteLLM led to over 40,000 downloads of a compromised package that harvested sensitive information.

5 hours ago

Mercor says it was 'one of thousands' hit in LiteLLM attack

Mercor confirmed it was affected by the LiteLLM supply-chain attack, with significant data theft by the Lapsus$ group.

PyPI Supply Chain Attack Compromises LiteLLM, Enabling the Exfiltration of Sensitive Information

A supply chain attack on LiteLLM led to over 40,000 downloads of a compromised package that harvested sensitive information.

more#supply-chain-attack

Microsoft: Hackers Are Using WhatsApp to Deliver Malware to Windows PCs

WhatsApp messages are being exploited to deliver malware to Windows users, creating significant security risks.

Information security

New DeepLoad Malware Dropped in ClickFix Attacks

DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials

DeepLoad malware uses ClickFix tactics and AI-assisted obfuscation to evade detection and steal credentials immediately.

fromBleepingComputer

Information security

New RoadK1ll WebSocket implant used to pivot on breached networks

RoadK1ll is a Node.js implant that enables attackers to pivot from a compromised host to other internal systems undetected.

Microsoft: Hackers Are Using WhatsApp to Deliver Malware to Windows PCs

WhatsApp messages are being exploited to deliver malware to Windows users, creating significant security risks.

New DeepLoad Malware Dropped in ClickFix Attacks

DeepLoad malware steals credentials and intercepts browser interactions, utilizing ClickFix for distribution and evading detection through sophisticated techniques.

DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials

DeepLoad malware uses ClickFix tactics and AI-assisted obfuscation to evade detection and steal credentials immediately.

fromBleepingComputer

New RoadK1ll WebSocket implant used to pivot on breached networks

RoadK1ll is a Node.js implant that enables attackers to pivot from a compromised host to other internal systems undetected.

Block the Prompt, Not the Work: The End of "Doctor No"

Blocking productivity tools creates a shadow infrastructure that undermines security and visibility.

#cybersecurity

Information security

3 Reasons Attackers Are Using Your Trusted Tools Against You (And Why You Don't See It Coming)

Information security

Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069

Information security

Microsoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC Bypass

Information security

AI gives attackers superpowers, so defenders must use it too

UK manufacturers under cyber fire with 80% reporting attacks

Nearly 80% of British manufacturers experienced a cyber incident in the past year, highlighting the critical need for improved cybersecurity measures.

Silver Fox Expands Asia Cyber Campaign with AtlasCross RAT and Fake Domains

A campaign targets Chinese-speaking users with typosquatted domains to deliver the AtlasCross RAT, impersonating trusted software brands.

3 Reasons Attackers Are Using Your Trusted Tools Against You (And Why You Don't See It Coming)

Cyber attackers increasingly exploit legitimate tools within environments, making detection difficult and expanding the attack surface organizations must manage.

Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069

Google attributes the Axios npm package compromise to North Korean threat actor UNC1069, highlighting the risks of supply chain attacks.

Microsoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC Bypass

A new campaign uses WhatsApp to distribute malicious VBS files, enabling multi-stage infections and remote access through social engineering techniques.

AI gives attackers superpowers, so defenders must use it too

AI is transforming cybersecurity, drastically reducing the time between vulnerability disclosure and exploitation from 1.5 years to mere hours.

UK manufacturers under cyber fire with 80% reporting attacks

Nearly 80% of British manufacturers experienced a cyber incident in the past year, highlighting the critical need for improved cybersecurity measures.

Silver Fox Expands Asia Cyber Campaign with AtlasCross RAT and Fake Domains

A campaign targets Chinese-speaking users with typosquatted domains to deliver the AtlasCross RAT, impersonating trusted software brands.

Google Warns Quantum Computers Could Crack Crypto Sooner Than Expected

Quantum computing poses an imminent threat to cryptocurrency security, with fewer resources needed to break current cryptographic protections than previously estimated.

Shrinking PQC timeline highlights immediate risk to data security | Computer Weekly

Google's accelerated timeline for post-quantum cryptography highlights urgent data security risks posed by quantum computers that need immediate attention.

Google Slashes Quantum Resource Requirements for Breaking Cryptocurrency Encryption

Google's Quantum AI warns that cryptocurrencies are more vulnerable to quantum attacks than previously believed, shortening the timeline for potential threats.

Google Warns Quantum Computers Could Crack Crypto Sooner Than Expected

Quantum computing poses an imminent threat to cryptocurrency security, with fewer resources needed to break current cryptographic protections than previously estimated.

Shrinking PQC timeline highlights immediate risk to data security | Computer Weekly

Google's accelerated timeline for post-quantum cryptography highlights urgent data security risks posed by quantum computers that need immediate attention.

Google Slashes Quantum Resource Requirements for Breaking Cryptocurrency Encryption

Google's Quantum AI warns that cryptocurrencies are more vulnerable to quantum attacks than previously believed, shortening the timeline for potential threats.

more#quantum-computing

Exabeam now monitors AI agents in ChatGPT, Copilot, and Gemini

Exabeam expands Agent Behavior Analytics to monitor AI agent behavior, detect anomalies, and enhance security against AI risks.

Google Addresses Vertex Security Issues After Researchers Weaponize AI Agents

Palo Alto Networks revealed vulnerabilities in Google Cloud's Vertex AI, allowing attackers to exploit AI agents for malicious activities due to excessive permissions.

fromwww.businessinsider.com

Okta's CEO says all AI agents need a kill switch

AI agents may require access to sensitive data, necessitating security measures like a kill switch to mitigate risks.

Securing agentic AI is still about getting the basics right

Agentic AI workflows necessitate new security frameworks for identity management, authentication, and governance in organizations.

Exabeam now monitors AI agents in ChatGPT, Copilot, and Gemini

Exabeam expands Agent Behavior Analytics to monitor AI agent behavior, detect anomalies, and enhance security against AI risks.

Google Addresses Vertex Security Issues After Researchers Weaponize AI Agents

Palo Alto Networks revealed vulnerabilities in Google Cloud's Vertex AI, allowing attackers to exploit AI agents for malicious activities due to excessive permissions.

fromwww.businessinsider.com

Okta's CEO says all AI agents need a kill switch

AI agents may require access to sensitive data, necessitating security measures like a kill switch to mitigate risks.

Securing agentic AI is still about getting the basics right

Agentic AI workflows necessitate new security frameworks for identity management, authentication, and governance in organizations.

Information security

CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails

Information security

Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures

fromSecuritymagazine

Information security

Tax Season Means Phishing Season: How Individuals and Businesses Can Protect Themselves

Major phishing campaign on GitHub using fake security alerts

A large-scale phishing campaign targets developers on GitHub, exploiting Discussions to spread fake security alerts about Visual Studio Code and distribute malware.

Information security

AitM Phishing Targets TikTok Business Accounts Using Cloudflare Turnstile Evasion

11 hours ago

CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails

A phishing campaign impersonating CERT-UA distributed malware called AGEWHEEZE targeting various organizations in Ukraine.

Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures

A phishing campaign targets Spanish-speaking users in Latin America and Europe, delivering banking trojans via malware called Horabot.

fromSecuritymagazine

Tax Season Means Phishing Season: How Individuals and Businesses Can Protect Themselves

Phishing attacks during tax season have become more sophisticated, leveraging generative AI to impersonate trusted entities like the IRS.

Major phishing campaign on GitHub using fake security alerts

A large-scale phishing campaign targets developers on GitHub, exploiting Discussions to spread fake security alerts about Visual Studio Code and distribute malware.

AitM Phishing Targets TikTok Business Accounts Using Cloudflare Turnstile Evasion

Threat actors are using AitM phishing to compromise TikTok for Business accounts, targeting business accounts for malvertising and malware distribution.

more#phishing

#north-korea

fromwww.cybersecuritydive.com

Axios open-source library targeted in sophisticated supply chain attack

A North Korean threat actor compromised the axios library, introducing a malicious dependency that deploys a backdoor across multiple operating systems.

fromDevOps.com

North Korean Hackers Suspected in Supply Chain Attack on Popular Axios Project - DevOps.com

North Korean hackers hijacked the npm account of an axios maintainer, publishing malicious versions that installed a remote access trojan.

New North Korean AI Hiring Scheme Targets US Companies

A North Korean operative attempted to infiltrate a cybersecurity firm using a stolen identity and AI-generated resume, highlighting vulnerabilities in hiring processes.

North Korea-linked hackers suspected in Axios open-source hijack, Google analysts say

North Korea-aligned hackers compromised the Axios JavaScript library, risking many developers' systems through a sophisticated supply chain attack.

fromwww.cybersecuritydive.com

Axios open-source library targeted in sophisticated supply chain attack

A North Korean threat actor compromised the axios library, introducing a malicious dependency that deploys a backdoor across multiple operating systems.

fromDevOps.com

North Korean Hackers Suspected in Supply Chain Attack on Popular Axios Project - DevOps.com

North Korean hackers hijacked the npm account of an axios maintainer, publishing malicious versions that installed a remote access trojan.

New North Korean AI Hiring Scheme Targets US Companies

A North Korean operative attempted to infiltrate a cybersecurity firm using a stolen identity and AI-generated resume, highlighting vulnerabilities in hiring processes.

North Korea-linked hackers suspected in Axios open-source hijack, Google analysts say

North Korea-aligned hackers compromised the Axios JavaScript library, risking many developers' systems through a sophisticated supply chain attack.

North Korea behind social engineering attack on Axios project

Attackers compromised the Axios maintainer's account through social engineering, publishing malicious versions that installed a Remote Access Trojan on victims' systems.

fromSiliconANGLE

Hackers compromise popular Axios Javascript library with hidden malware - SiliconANGLE

Axios HTTP client library was hacked to distribute malware via a compromised npm account, affecting multiple operating systems.

North Korea behind social engineering attack on Axios project

Attackers compromised the Axios maintainer's account through social engineering, publishing malicious versions that installed a Remote Access Trojan on victims' systems.

fromSiliconANGLE

Hackers compromise popular Axios Javascript library with hidden malware - SiliconANGLE

Axios HTTP client library was hacked to distribute malware via a compromised npm account, affecting multiple operating systems.

Information security

Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms

6 days ago

Securing the AI Stack: From Model to Production

AI has transformed phishing into a high-velocity threat, requiring modern defenses to adopt similar layered tactics.

Information security

Details leak on Anthropic's "step-change" Mythos model

22 hours ago

Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms

Anthropic confirmed a human error led to the accidental release of Claude Code's internal source code, but no sensitive data was exposed.

6 days ago

Securing the AI Stack: From Model to Production

AI has transformed phishing into a high-velocity threat, requiring modern defenses to adopt similar layered tactics.

Details leak on Anthropic's "step-change" Mythos model

Anthropic is testing Claude Mythos, a new AI model tier above Opus, after a data leak exposed draft documents about it.

Claude Code's source reveals extent of system access

Claude Code has significant control over devices, raising concerns about data retention and potential misuse in sensitive environments.

8 hours ago

Claude Code bypasses safety rule if given too many commands

Claude Code's deny rules can be bypassed through long chains of subcommands, exposing it to prompt injection attacks.

22 hours ago

Claude Code's source reveals extent of system access

Claude Code has significant control over devices, raising concerns about data retention and potential misuse in sensitive environments.

8 hours ago

Claude Code bypasses safety rule if given too many commands

Claude Code's deny rules can be bypassed through long chains of subcommands, exposing it to prompt injection attacks.

Quantum network supports high-security QKD: How it works, why it matters

Quantum technology presents both risks and benefits for network security, particularly through quantum key distribution (QKD) as a solution to encryption vulnerabilities.

fromTechCrunch

Mercor says it was hit by cyberattack tied to compromise of open-source LiteLLM project | TechCrunch

Mercor confirmed a security incident linked to a supply chain attack involving LiteLLM, affecting its data and operations.

New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation - Patch Released

Google released security updates for Chrome to address 21 vulnerabilities, including a zero-day flaw exploited in the wild.

Google Issues High-Risk Security Patch for 3.5 Billion Chrome Users

Google has released a security update for Chrome addressing eight high-risk vulnerabilities affecting its 3.5 billion users.

New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation - Patch Released

Google released security updates for Chrome to address 21 vulnerabilities, including a zero-day flaw exploited in the wild.

Google Issues High-Risk Security Patch for 3.5 Billion Chrome Users

Google has released a security update for Chrome addressing eight high-risk vulnerabilities affecting its 3.5 billion users.

Toy Giant Hasbro Hit by Cyberattack

Hasbro experienced a cyberattack disrupting operations, prompting an investigation and implementation of business continuity plans.

Exploited Zero-Day Among 21 Vulnerabilities Patched in Chrome

Google's Chrome 146 update addresses 21 vulnerabilities, including a zero-day exploit tracked as CVE-2026-5281.

fromSecuritymagazine

The Rising Tide of Executive Protection: Corporations Ramp Up Security in an Era of Heightened Threats

Companies are increasingly investing in executive protection due to rising threats, making it a strategic necessity for business continuity and resilience.

Critical Vulnerability in OpenAI Codex Allowed GitHub Token Compromise

OAuth tokens pose significant security risks, especially when long-lived, as they can lead to widespread breaches across multiple organizations.

Venom Stealer Raises Stakes With Continuous Credential Harvesting

Stolen credentials via infostealers like Venom Stealer are central to modern cybercrime.

The Next Cybersecurity Crisis Isn't Breaches-It's Data You Can't Trust

Data integrity now encompasses data trust, emphasizing the importance of reliable data in AI-driven decision-making.

Cloudflare Adds Active API Vulnerability Scanning to Its Edge

Cloudflare's Web and API Vulnerability Scanner focuses on detecting Broken Object Level Authorization vulnerabilities in APIs.

Stolen Logins Are Fueling Everything From Ransomware to Nation-State Cyberattacks

Stolen credentials significantly enhance ransomware attacks, enabling illegitimate access and operational disruption within networks.

Don't open that WhatsApp message, Microsoft warns

WhatsApp messages are being exploited to deliver malicious files that allow attackers to control victims' machines and access their data.

Google Drive Expands AI Ransomware Detection, File Recovery to More Users

Google Drive now features AI-powered ransomware detection and built-in file recovery, significantly improving threat identification and response capabilities.

Exploitation of Critical Fortinet FortiClient EMS Flaw Begins

Threat actors exploit a critical SQL injection vulnerability in Fortinet FortiClient EMS, allowing remote code execution without authentication.

CrewAI Vulnerabilities Expose Devices to Hacking

Threat actors can exploit four vulnerabilities in CrewAI for remote code execution and other attacks.

TrueConf Zero-Day Exploited in Attacks on Southeast Asian Government Networks

A high-severity vulnerability in TrueConf software has been exploited, allowing attackers to execute arbitrary code via tampered updates.

fromScala-lang

Fixing a Command Injection Vulnerability in sbt

A command injection vulnerability in sbt on Windows has been fixed, affecting versions since sbt 0.9.5.

#fcc

Banning routers won't fix what's already broken | Computer Weekly

The FCC's ban on foreign-made routers addresses future procurement, not current security risks, as routers are already vulnerable and widely deployed.

Information security

FCC taps Farhan Khan as CIO

Banning routers won't fix what's already broken | Computer Weekly

The FCC's ban on foreign-made routers addresses future procurement, not current security risks, as routers are already vulnerable and widely deployed.

Information security

FCC taps Farhan Khan as CIO

Chainalysis Deploys AI Agents to Counter Criminal Use of Artificial Intelligence in Crypto

Chainalysis introduces AI agents to enhance fraud detection and compliance without requiring deep technical expertise, ensuring data quality and human oversight.

StrongSwan Flaw Allows Unauthenticated Attackers to Crash VPNs

A high-severity vulnerability in StrongSwan's EAP-TTLS AVP parser can be exploited remotely to crash VPN services.

Cato Networks unveils modular adoption model for SASE platform | Computer Weekly

Cato Networks introduces a modular adoption model for its SASE platform, allowing organizations to expand networking and security capabilities as needed.

fromComputerworld

Why the axios supply chain attack should have Apple worried

The attack illustrates the extent to which Big Tech relies on open-source software. Without the many contributions of open-source developers, Apple, Amazon, Google, Microsoft, and everyone else would need to invest vast sums in building more of the infrastructure of our digital world.

Information security

Censys Raises $70 Million for Internet Intelligence Platform

Censys raised $70 million in funding to enhance its internet intelligence platform and support global expansion.

fromTelecompetitor

Comcast Business introduces two services for young and growing organizations

Simplicity and savings are central to Comcast Business' new services for entrepreneurs and growing companies.

Ministry of Finance portal still offline following cyber incident

The Mijn Schatkist portal is offline due to a cyber incident, affecting 1,600 institutions' access to balances and reports.

OpenAI Patches ChatGPT Data Exfiltration Flaw and Codex GitHub Token Vulnerability

A vulnerability in OpenAI ChatGPT allowed sensitive data to be exfiltrated without user consent, exploiting a hidden DNS communication path.

The State of Secrets Sprawl 2026: 9 Takeaways for CISOs

Secrets sprawl accelerated in 2025, with 29 million new hardcoded secrets identified, marking a 34% increase from the previous year.

OpenAI ChatGPT fixes DNS data smuggling flaw

ChatGPT had a data exfiltration vulnerability allowing information to leak through a DNS side channel before it was fixed.

fromTheStreet

FTC data reveal $12.5 billion in fraud, and your bank account is the target

Americans lost $12.5 billion to financial fraud in 2024, a 25% increase from the previous year.

Exploitation of Fresh Citrix NetScaler Vulnerability Begins

Exploitation of a critical Citrix NetScaler vulnerability began shortly after its public disclosure, with active attempts detected within days.

Citrix NetScaler bug may be multiple flaws in one

In-the-wild exploitation of a critical Citrix NetScaler bug has begun, with attackers actively targeting vulnerable systems within days of its disclosure.

Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug

A critical security flaw in Citrix NetScaler ADC and Gateway requires immediate patching to prevent exploitation.

Exploitation of Fresh Citrix NetScaler Vulnerability Begins

Exploitation of a critical Citrix NetScaler vulnerability began shortly after its public disclosure, with active attempts detected within days.

Citrix NetScaler bug may be multiple flaws in one

In-the-wild exploitation of a critical Citrix NetScaler bug has begun, with attackers actively targeting vulnerable systems within days of its disclosure.

Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug

A critical security flaw in Citrix NetScaler ADC and Gateway requires immediate patching to prevent exploitation.

Microsoft is blocking legacy Windows drivers

Microsoft will only allow drivers approved through the Windows Hardware Compatibility Program to enhance security and compatibility in Windows.

fromTechCrunch

Popular AI gateway startup LiteLLM ditches controversial startup Delve | TechCrunch

LiteLLM is terminating its relationship with Delve for security certifications after a malware incident and will seek a new compliance auditor.

fromFortune

Cargo theft costs U.S. trucking $18 million a day and is 'unlike anything our industry has faced before,' logistics exec warns | Fortune

Cargo theft has become a significant threat to the U.S. supply chain, costing the industry billions annually.

fromAxios

3 days ago

Everyone's worried that AI's newest models are a hacker's dream weapon

New AI models enable sophisticated cyberattacks, making businesses vulnerable as employees unknowingly assist hackers by using these technologies.

Cloudflare-Themed ClickFix Attack Drops Infiniti Stealer on Macs

macOS users are targeted by a ClickFix campaign delivering a Python-based information stealer through a fake Cloudflare verification page.

TA446 Deploys Leaked DarkSword iOS Exploit Kit in Targeted Spear-Phishing Campaign

Russian state-sponsored group TA446 is using the DarkSword exploit kit to target iOS devices through phishing emails.