Information security

[ follow ]
#russian-hackers #power-grid #power-grid-attack #input-validation #cve-2022-2856 #phishing
#malware
Information security
fromThe Hacker News
1 hour ago

Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners

Operation REF1695 uses fake installers to deploy RATs and cryptocurrency miners, monetizing infections through CPA fraud since November 2023.
Information security
fromThe Hacker News
2 days ago

DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials

DeepLoad malware uses ClickFix tactics and AI-assisted obfuscation to evade detection and steal credentials immediately.
Information security
fromThe Hacker News
1 hour ago

Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners

Operation REF1695 uses fake installers to deploy RATs and cryptocurrency miners, monetizing infections through CPA fraud since November 2023.
Information security
fromSecurityWeek
22 hours ago

New DeepLoad Malware Dropped in ClickFix Attacks

DeepLoad malware steals credentials and intercepts browser interactions, utilizing ClickFix for distribution and evading detection through sophisticated techniques.
Information security
fromThe Hacker News
2 days ago

DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials

DeepLoad malware uses ClickFix tactics and AI-assisted obfuscation to evade detection and steal credentials immediately.
more#malware
#cybersecurity
fromThe Hacker News
1 day ago
Information security

3 Reasons Attackers Are Using Your Trusted Tools Against You (And Why You Don't See It Coming)

Information security
fromTechzine Global
1 day ago

AI gives attackers superpowers, so defenders must use it too

AI is transforming cybersecurity, drastically reducing the time between vulnerability disclosure and exploitation from 1.5 years to mere hours.
Information security
fromTheregister
1 day ago

UK manufacturers under cyber fire with 80% reporting attacks

Nearly 80% of British manufacturers experienced a cyber incident in the past year, highlighting the critical need for improved cybersecurity measures.
Information security
fromComputerWeekly.com
4 hours ago

NCSC warns high-risk individuals of Signal and WhatsApp social engineering attacks | Computer Weekly

High-risk individuals must reduce exposure to social engineering attacks targeting encrypted messaging apps like Signal, WhatsApp, and Facebook Messenger.
Information security
fromThe Hacker News
1 day ago

3 Reasons Attackers Are Using Your Trusted Tools Against You (And Why You Don't See It Coming)

Cyber attackers increasingly exploit legitimate tools within environments, making detection difficult and expanding the attack surface organizations must manage.
Information security
fromThe Hacker News
1 day ago

Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069

Google attributes the Axios npm package compromise to North Korean threat actor UNC1069, highlighting the risks of supply chain attacks.
Information security
fromThe Hacker News
23 hours ago

Microsoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC Bypass

A new campaign uses WhatsApp to distribute malicious VBS files, enabling multi-stage infections and remote access through social engineering techniques.
Information security
fromTechzine Global
1 day ago

AI gives attackers superpowers, so defenders must use it too

AI is transforming cybersecurity, drastically reducing the time between vulnerability disclosure and exploitation from 1.5 years to mere hours.
Information security
fromTheregister
1 day ago

UK manufacturers under cyber fire with 80% reporting attacks

Nearly 80% of British manufacturers experienced a cyber incident in the past year, highlighting the critical need for improved cybersecurity measures.
more#cybersecurity
#supply-chain-attack
Information security
fromInfoQ
2 days ago

PyPI Supply Chain Attack Compromises LiteLLM, Enabling the Exfiltration of Sensitive Information

A supply chain attack on LiteLLM led to over 40,000 downloads of a compromised package that harvested sensitive information.
Information security
fromInfoQ
2 days ago

PyPI Supply Chain Attack Compromises LiteLLM, Enabling the Exfiltration of Sensitive Information

A supply chain attack on LiteLLM led to over 40,000 downloads of a compromised package that harvested sensitive information.
more#supply-chain-attack
Information security
fromTheregister
5 hours ago

The company's biggest security hole lived in the breakroom

An internet-connected coffee machine caused a major data breach by exploiting security vulnerabilities in a corporate network.
Information security
fromnews.bitcoin.com
3 hours ago

Naoris Protocol Deploys Post-Quantum Mainnet to Secure Global Digital Infrastructure

Naoris Protocol launched its Layer 1 mainnet for decentralized post-quantum security, processing over 106 million transactions to combat quantum computing threats.
#quantum-computing
Information security
fromTechRepublic
23 hours ago

Google Warns Quantum Computers Could Crack Crypto Sooner Than Expected

Quantum computing poses an imminent threat to cryptocurrency security, with fewer resources needed to break current cryptographic protections than previously estimated.
Information security
fromComputerWeekly.com
2 days ago

Shrinking PQC timeline highlights immediate risk to data security | Computer Weekly

Google's accelerated timeline for post-quantum cryptography highlights urgent data security risks posed by quantum computers that need immediate attention.
Information security
fromSecurityWeek
2 days ago

Google Slashes Quantum Resource Requirements for Breaking Cryptocurrency Encryption

Google's Quantum AI warns that cryptocurrencies are more vulnerable to quantum attacks than previously believed, shortening the timeline for potential threats.
Information security
fromTechRepublic
23 hours ago

Google Warns Quantum Computers Could Crack Crypto Sooner Than Expected

Quantum computing poses an imminent threat to cryptocurrency security, with fewer resources needed to break current cryptographic protections than previously estimated.
Information security
fromComputerWeekly.com
2 days ago

Shrinking PQC timeline highlights immediate risk to data security | Computer Weekly

Google's accelerated timeline for post-quantum cryptography highlights urgent data security risks posed by quantum computers that need immediate attention.
Information security
fromSecurityWeek
2 days ago

Google Slashes Quantum Resource Requirements for Breaking Cryptocurrency Encryption

Google's Quantum AI warns that cryptocurrencies are more vulnerable to quantum attacks than previously believed, shortening the timeline for potential threats.
more#quantum-computing
#ai-security
Information security
fromSecurityWeek
1 day ago

Google Addresses Vertex Security Issues After Researchers Weaponize AI Agents

Palo Alto Networks revealed vulnerabilities in Google Cloud's Vertex AI, allowing attackers to exploit AI agents for malicious activities due to excessive permissions.
Information security
fromSecurityWeek
1 day ago

Google Addresses Vertex Security Issues After Researchers Weaponize AI Agents

Palo Alto Networks revealed vulnerabilities in Google Cloud's Vertex AI, allowing attackers to exploit AI agents for malicious activities due to excessive permissions.
more#ai-security
#phishing
Information security
fromTechzine Global
3 days ago

Major phishing campaign on GitHub using fake security alerts

A large-scale phishing campaign targets developers on GitHub, exploiting Discussions to spread fake security alerts about Visual Studio Code and distribute malware.
Information security
fromThe Hacker News
23 hours ago

Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures

A phishing campaign targets Spanish-speaking users in Latin America and Europe, delivering banking trojans via malware called Horabot.
Information security
fromSecuritymagazine
2 days ago

Tax Season Means Phishing Season: How Individuals and Businesses Can Protect Themselves

Phishing attacks during tax season have become more sophisticated, leveraging generative AI to impersonate trusted entities like the IRS.
Information security
fromTechzine Global
3 days ago

Major phishing campaign on GitHub using fake security alerts

A large-scale phishing campaign targets developers on GitHub, exploiting Discussions to spread fake security alerts about Visual Studio Code and distribute malware.
more#phishing
#north-korea
Information security
fromDevOps.com
1 day ago

North Korean Hackers Suspected in Supply Chain Attack on Popular Axios Project - DevOps.com

North Korean hackers hijacked the npm account of an axios maintainer, publishing malicious versions that installed a remote access trojan.
Information security
fromTechRepublic
1 day ago

New North Korean AI Hiring Scheme Targets US Companies

A North Korean operative attempted to infiltrate a cybersecurity firm using a stolen identity and AI-generated resume, highlighting vulnerabilities in hiring processes.
Information security
fromNextgov.com
1 day ago

North Korea-linked hackers suspected in Axios open-source hijack, Google analysts say

North Korea-aligned hackers compromised the Axios JavaScript library, risking many developers' systems through a sophisticated supply chain attack.
Information security
fromDevOps.com
1 day ago

North Korean Hackers Suspected in Supply Chain Attack on Popular Axios Project - DevOps.com

North Korean hackers hijacked the npm account of an axios maintainer, publishing malicious versions that installed a remote access trojan.
Information security
fromTechRepublic
1 day ago

New North Korean AI Hiring Scheme Targets US Companies

A North Korean operative attempted to infiltrate a cybersecurity firm using a stolen identity and AI-generated resume, highlighting vulnerabilities in hiring processes.
Information security
fromNextgov.com
1 day ago

North Korea-linked hackers suspected in Axios open-source hijack, Google analysts say

North Korea-aligned hackers compromised the Axios JavaScript library, risking many developers' systems through a sophisticated supply chain attack.
more#north-korea
#axios
Information security
fromTechzine Global
1 day ago

North Korea behind social engineering attack on Axios project

Attackers compromised the Axios maintainer's account through social engineering, publishing malicious versions that installed a Remote Access Trojan on victims' systems.
Information security
fromSiliconANGLE
1 day ago

Hackers compromise popular Axios Javascript library with hidden malware - SiliconANGLE

Axios HTTP client library was hacked to distribute malware via a compromised npm account, affecting multiple operating systems.
Information security
fromTechzine Global
1 day ago

North Korea behind social engineering attack on Axios project

Attackers compromised the Axios maintainer's account through social engineering, publishing malicious versions that installed a Remote Access Trojan on victims' systems.
Information security
fromSiliconANGLE
1 day ago

Hackers compromise popular Axios Javascript library with hidden malware - SiliconANGLE

Axios HTTP client library was hacked to distribute malware via a compromised npm account, affecting multiple operating systems.
more#axios
#ai
Information security
fromInfoQ
6 days ago

Securing the AI Stack: From Model to Production

AI has transformed phishing into a high-velocity threat, requiring modern defenses to adopt similar layered tactics.
Information security
fromThe Hacker News
1 day ago

Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms

Anthropic confirmed a human error led to the accidental release of Claude Code's internal source code, but no sensitive data was exposed.
Information security
fromInfoQ
6 days ago

Securing the AI Stack: From Model to Production

AI has transformed phishing into a high-velocity threat, requiring modern defenses to adopt similar layered tactics.
more#ai
#claude-code
Information security
fromTheregister
1 day ago

Claude Code's source reveals extent of system access

Claude Code has significant control over devices, raising concerns about data retention and potential misuse in sensitive environments.
Information security
fromTheregister
1 day ago

Claude Code's source reveals extent of system access

Claude Code has significant control over devices, raising concerns about data retention and potential misuse in sensitive environments.
more#claude-code
Information security
fromTelecompetitor
22 hours ago

Quantum network supports high-security QKD: How it works, why it matters

Quantum technology presents both risks and benefits for network security, particularly through quantum key distribution (QKD) as a solution to encryption vulnerabilities.
Information security
fromTechCrunch
1 day ago

Mercor says it was hit by cyberattack tied to compromise of open-source LiteLLM project | TechCrunch

Mercor confirmed a security incident linked to a supply chain attack involving LiteLLM, affecting its data and operations.
fromThe Hacker News
23 hours ago

New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation - Patch Released

"Use-after-free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page."
Information security
Information security
fromSecuritymagazine
1 day ago

The Rising Tide of Executive Protection: Corporations Ramp Up Security in an Era of Heightened Threats

Companies are increasingly investing in executive protection due to rising threats, making it a strategic necessity for business continuity and resilience.
Information security
fromSecurityWeek
2 days ago

Critical Vulnerability in OpenAI Codex Allowed GitHub Token Compromise

OAuth tokens pose significant security risks, especially when long-lived, as they can lead to widespread breaches across multiple organizations.
Information security
fromSecurityWeek
1 day ago

The Next Cybersecurity Crisis Isn't Breaches-It's Data You Can't Trust

Data integrity now encompasses data trust, emphasizing the importance of reliable data in AI-driven decision-making.
Information security
fromInfoQ
2 days ago

Cloudflare Adds Active API Vulnerability Scanning to Its Edge

Cloudflare's Web and API Vulnerability Scanner focuses on detecting Broken Object Level Authorization vulnerabilities in APIs.
Information security
fromSecurityWeek
1 day ago

Stolen Logins Are Fueling Everything From Ransomware to Nation-State Cyberattacks

Stolen credentials significantly enhance ransomware attacks, enabling illegitimate access and operational disruption within networks.
Information security
fromTheregister
1 day ago

Don't open that WhatsApp message, Microsoft warns

WhatsApp messages are being exploited to deliver malicious files that allow attackers to control victims' machines and access their data.
Information security
fromTechRepublic
1 day ago

Google Drive Expands AI Ransomware Detection, File Recovery to More Users

Google Drive now features AI-powered ransomware detection and built-in file recovery, significantly improving threat identification and response capabilities.
Information security
fromSecurityWeek
2 days ago

Exploitation of Critical Fortinet FortiClient EMS Flaw Begins

Threat actors exploit a critical SQL injection vulnerability in Fortinet FortiClient EMS, allowing remote code execution without authentication.
Information security
fromThe Hacker News
1 day ago

TrueConf Zero-Day Exploited in Attacks on Southeast Asian Government Networks

A high-severity vulnerability in TrueConf software has been exploited, allowing attackers to execute arbitrary code via tampered updates.
#fcc
Information security
fromComputerWeekly.com
2 days ago

Banning routers won't fix what's already broken | Computer Weekly

The FCC's ban on foreign-made routers addresses future procurement, not current security risks, as routers are already vulnerable and widely deployed.
Information security
fromComputerWeekly.com
2 days ago

Banning routers won't fix what's already broken | Computer Weekly

The FCC's ban on foreign-made routers addresses future procurement, not current security risks, as routers are already vulnerable and widely deployed.
more#fcc
Information security
fromnews.bitcoin.com
1 day ago

Chainalysis Deploys AI Agents to Counter Criminal Use of Artificial Intelligence in Crypto

Chainalysis introduces AI agents to enhance fraud detection and compliance without requiring deep technical expertise, ensuring data quality and human oversight.
Information security
fromComputerWeekly.com
1 day ago

Cato Networks unveils modular adoption model for SASE platform | Computer Weekly

Cato Networks introduces a modular adoption model for its SASE platform, allowing organizations to expand networking and security capabilities as needed.
fromComputerworld
1 day ago

Why the axios supply chain attack should have Apple worried

The attack illustrates the extent to which Big Tech relies on open-source software. Without the many contributions of open-source developers, Apple, Amazon, Google, Microsoft, and everyone else would need to invest vast sums in building more of the infrastructure of our digital world.
Information security
Information security
fromThe Hacker News
2 days ago

OpenAI Patches ChatGPT Data Exfiltration Flaw and Codex GitHub Token Vulnerability

A vulnerability in OpenAI ChatGPT allowed sensitive data to be exfiltrated without user consent, exploiting a hidden DNS communication path.
#citrix
Information security
fromSecurityWeek
3 days ago

Exploitation of Fresh Citrix NetScaler Vulnerability Begins

Exploitation of a critical Citrix NetScaler vulnerability began shortly after its public disclosure, with active attempts detected within days.
Information security
fromTheregister
2 days ago

Citrix NetScaler bug may be multiple flaws in one

In-the-wild exploitation of a critical Citrix NetScaler bug has begun, with attackers actively targeting vulnerable systems within days of its disclosure.
Information security
fromThe Hacker News
5 days ago

Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug

A critical security flaw in Citrix NetScaler ADC and Gateway requires immediate patching to prevent exploitation.
Information security
fromSecurityWeek
3 days ago

Exploitation of Fresh Citrix NetScaler Vulnerability Begins

Exploitation of a critical Citrix NetScaler vulnerability began shortly after its public disclosure, with active attempts detected within days.
Information security
fromTheregister
2 days ago

Citrix NetScaler bug may be multiple flaws in one

In-the-wild exploitation of a critical Citrix NetScaler bug has begun, with attackers actively targeting vulnerable systems within days of its disclosure.
Information security
fromThe Hacker News
5 days ago

Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug

A critical security flaw in Citrix NetScaler ADC and Gateway requires immediate patching to prevent exploitation.
more#citrix
Information security
fromTechCrunch
2 days ago

Popular AI gateway startup LiteLLM ditches controversial startup Delve | TechCrunch

LiteLLM is terminating its relationship with Delve for security certifications after a malware incident and will seek a new compliance auditor.
Information security
fromFortune
2 days ago

Cargo theft costs U.S. trucking $18 million a day and is 'unlike anything our industry has faced before,' logistics exec warns | Fortune

Cargo theft has become a significant threat to the U.S. supply chain, costing the industry billions annually.
Information security
fromAxios
4 days ago

Everyone's worried that AI's newest models are a hacker's dream weapon

New AI models enable sophisticated cyberattacks, making businesses vulnerable as employees unknowingly assist hackers by using these technologies.
Information security
fromSecurityWeek
5 days ago

Cloudflare-Themed ClickFix Attack Drops Infiniti Stealer on Macs

macOS users are targeted by a ClickFix campaign delivering a Python-based information stealer through a fake Cloudflare verification page.
Information security
fromThe Hacker News
5 days ago

TA446 Deploys Leaked DarkSword iOS Exploit Kit in Targeted Spear-Phishing Campaign

Russian state-sponsored group TA446 is using the DarkSword exploit kit to target iOS devices through phishing emails.
fromTheregister
5 days ago

To BSOD or not to BSOD? Only Microsoft knows the answer

An eagle-eyed Register reader spotted two apparent examples of the breed at Microsoft's stand at the RSAC 2026 Conference, one showing a Blue Screen Of Death from the era of Windows 98 and another that appeared to come from the days of Windows 8.
Information security
[ Load more ]