#backdoor-chrysalis

[ follow ]
#cybersecurity #malware #vulnerabilities #hacking #ai #vulnerability #ai-security #ransomware #iran
#apple-intelligence
Apple
fromTheregister
16 hours ago

Security reserchers tricked Apple Intelligence into cursing

Apple Intelligence can be hijacked through prompt injection, exposing millions of users to risk, but a fix was implemented in iOS 26.4 and macOS 26.4.
Apple
fromSecurityWeek
16 hours ago

Apple Intelligence AI Guardrails Bypassed in New Attack

Researchers have successfully bypassed Apple's AI safety protocols using adversarial techniques, allowing for the execution of arbitrary tasks and manipulation of private data.
Apple
fromTheregister
16 hours ago

Security reserchers tricked Apple Intelligence into cursing

Apple Intelligence can be hijacked through prompt injection, exposing millions of users to risk, but a fix was implemented in iOS 26.4 and macOS 26.4.
Apple
fromSecurityWeek
16 hours ago

Apple Intelligence AI Guardrails Bypassed in New Attack

Researchers have successfully bypassed Apple's AI safety protocols using adversarial techniques, allowing for the execution of arbitrary tasks and manipulation of private data.
more#apple-intelligence
#cybersecurity
from24/7 Wall St.
1 day ago
Information security

CrowdStrike CEO warns AI will trigger explosion of cyber attacks with shrinking patch windows

Information security
fromTechCrunch
14 hours ago

Hacker stole 700,000 from U.K. energy company by redirecting payment | TechCrunch

Zephyr Energy lost £700,000 due to a hacker redirecting a payment meant for a contractor into a fraudulent account.
Information security
fromTheregister
15 hours ago

Old Adobe Reader zero-day uses PDFs to size up targets

Hackers exploit a zero-day vulnerability in Adobe Acrobat Reader using malicious PDFs for targeted profiling and potential system compromise.
Information security
fromTechSpot
10 hours ago

Hackers are turning home routers into tools to spy on Microsoft 365 users

Forest Blizzard hackers exploit insecure routers to compromise devices and intercept traffic, targeting Microsoft 365 domains for sensitive data.
Information security
fromThe Hacker News
12 hours ago

UAT-10362 Targets Taiwanese NGOs with LucidRook Malware in Spear-Phishing Campaigns

A new threat cluster UAT-10362 targets Taiwanese NGOs and universities with Lua-based malware LucidRook via spear-phishing campaigns.
Information security
from24/7 Wall St.
1 day ago

CrowdStrike CEO warns AI will trigger explosion of cyber attacks with shrinking patch windows

AI will significantly increase the speed of cyberattacks, reducing response time for organizations from days to minutes.
Information security
fromTechCrunch
14 hours ago

Hacker stole 700,000 from U.K. energy company by redirecting payment | TechCrunch

Zephyr Energy lost £700,000 due to a hacker redirecting a payment meant for a contractor into a fraudulent account.
Information security
fromTheregister
15 hours ago

Old Adobe Reader zero-day uses PDFs to size up targets

Hackers exploit a zero-day vulnerability in Adobe Acrobat Reader using malicious PDFs for targeted profiling and potential system compromise.
more#cybersecurity
Privacy professionals
fromTechCrunch
1 day ago

Hack-for-hire group caught targeting Android devices and iCloud backups | TechCrunch

A hack-for-hire group is targeting journalists and officials in the Middle East and North Africa using phishing and spyware tactics.
Software development
fromDevOps.com
13 hours ago

Appknox Adds AI Tool to Detect and Fix Vulnerabilities in Mobile Applications - DevOps.com

Appknox introduces AI to assess mobile app vulnerabilities and recommend fixes, enhancing the patching process for software engineering teams.
Cars
fromTESLARATI
12 hours ago

Tesla issues wake up call to Full Self-Driving hackers and cheats

Tesla is disabling Full Self-Driving capabilities on vehicles using unauthorized hacks in regions where the software is unapproved.
fromEngadget
9 hours ago

A maverick hacker got Mac OS X running on a Wii

"Last year, when I saw that Windows NT had been ported to the Wii, I felt a renewed sense of motivation. Even if my lack of low-level experience resulted in failure, attempting this project would still be an opportunity to learn something new."
Games
#ai
Information security
fromTheregister
2 days ago

Anthropic Mythos model can find and exploit 0-days

AI model Mythos can generate zero-day vulnerabilities, surpassing human capabilities, but Anthropic chose not to release it to prevent widespread exploitation.
Information security
fromwww.theguardian.com
1 day ago

Anthropic says its latest AI model can expose weaknesses in software security

Claude Mythos exposes thousands of software vulnerabilities, prompting Anthropic to limit its release and collaborate with cybersecurity specialists.
Information security
fromTheregister
2 days ago

Anthropic Mythos model can find and exploit 0-days

AI model Mythos can generate zero-day vulnerabilities, surpassing human capabilities, but Anthropic chose not to release it to prevent widespread exploitation.
more#ai
Node JS
fromZero Day Initiative
1 day ago

Zero Day Initiative - Node.js Trust Falls: Dangerous Module Resolution on Windows

Node.js module resolution can lead to security vulnerabilities if malicious packages are placed in the root node_modules directory.
Information security
fromThe Hacker News
16 hours ago

ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories

A new variant of the Phorpiex botnet combines traditional and peer-to-peer communication, facilitating sophisticated malware operations and high-volume spam.
#openclaw
DevOps
fromInfoWorld
6 days ago

Understanding the risks of OpenClaw

OpenClaw is an orchestration layer that requires external services to function effectively, rather than being a standalone cloud platform.
Information security
fromArs Technica
6 days ago

OpenClaw gives users yet another reason to be freaked out about security

OpenClaw's vulnerabilities pose severe security risks, allowing attackers to gain administrative access with minimal permissions.
DevOps
fromInfoWorld
6 days ago

Understanding the risks of OpenClaw

OpenClaw is an orchestration layer that requires external services to function effectively, rather than being a standalone cloud platform.
Information security
fromArs Technica
6 days ago

OpenClaw gives users yet another reason to be freaked out about security

OpenClaw's vulnerabilities pose severe security risks, allowing attackers to gain administrative access with minimal permissions.
more#openclaw
Privacy professionals
fromWIRED
1 day ago

Men Are Buying Hacking Tools to Use Against Their Wives and Friends

Telegram groups facilitate the sale of hacking and surveillance services, promoting abusive content targeting women and girls.
Node JS
fromNist
2 days ago

NVD

Tinyproxy versions up to 1.11.3 are vulnerable to HTTP request parsing desynchronization due to case-sensitive Transfer-Encoding header comparison.
Privacy professionals
fromTechCrunch
1 day ago

Hackers steal and leak sensitive LAPD police documents | TechCrunch

Cybercriminals leaked sensitive LAPD documents online, including personnel files and internal investigations, allegedly by the extortion gang World Leaks.
Information security
fromTechRepublic
11 hours ago

Hackers Exploit Adobe PDF Flaw for Months to Steal Data, No Fix Yet

Attackers exploit a zero-day vulnerability in Adobe Acrobat Reader to steal data and potentially take over systems using malicious PDF files.
#security
more#security
#adobe-reader
Information security
fromThe Hacker News
17 hours ago

Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025

A zero-day vulnerability in Adobe Reader is being exploited through malicious PDF documents to harvest sensitive data and execute additional payloads.
Information security
fromThe Hacker News
17 hours ago

Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025

A zero-day vulnerability in Adobe Reader is being exploited through malicious PDF documents to harvest sensitive data and execute additional payloads.
more#adobe-reader
Information security
fromSecurityWeek
1 day ago

Hackers Targeting Ninja Forms Vulnerability That Exposes WordPress Sites to Takeover

A critical vulnerability in Ninja Forms allows file uploads that could lead to remote code execution on affected websites.
Privacy professionals
fromSecuritymagazine
4 days ago

Breach of FBI Surveillance System Considered a "Major Incident," Security Experts Weigh In

FBI confirms major breach of surveillance system, exposing sensitive data and potentially revealing criminal probes and surveillance targets.
Information security
fromTechRepublic
1 day ago

'BlueHammer' Exploit Targets Windows, Potentially Impacting 1 Billion+ Devices

A security researcher released exploit code for a Windows zero-day vulnerability called BlueHammer, allowing privilege escalation without an official Microsoft patch.
Information security
fromSecurityWeek
17 hours ago

Palo Alto Networks, SonicWall Patch High-Severity Vulnerabilities

Palo Alto Networks and SonicWall released patches for multiple vulnerabilities, including high-severity bugs that could allow unauthorized access and code execution.
Information security
fromThe Hacker News
9 hours ago

EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallets

A security vulnerability in EngageLab SDK could have exposed millions of cryptocurrency wallet users to unauthorized data access.
Artificial intelligence
fromFuturism
1 month ago

AI Tools Are Supercharging Hackers

AI systems are increasingly weaponized for cybercrime, enabling hackers to exploit vulnerabilities at scale with minimal technical expertise, as demonstrated by recent attacks on Mexican government networks and global firewall systems.
Information security
fromThe Hacker News
1 day ago

Anthropic's Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems

Anthropic's Project Glasswing uses Claude Mythos to identify and address cybersecurity vulnerabilities, surpassing human capabilities in some instances.
#ai-security
Information security
fromnews.bitcoin.com
4 days ago

Deepmind's 'AI Agent Traps' Paper Maps How Hackers Could Weaponize AI Agents Against Users

Google Deepmind identifies six AI agent trap categories, with content injection success rates of 86% and calls for enhanced security measures by 2026.
Information security
fromSecurityWeek
3 days ago

Google DeepMind Researchers Map Web Attacks Against AI Agents

Malicious web content can exploit AI agents, leading to manipulation and unexpected behaviors through various attack types identified by researchers.
Information security
fromnews.bitcoin.com
4 days ago

Deepmind's 'AI Agent Traps' Paper Maps How Hackers Could Weaponize AI Agents Against Users

Google Deepmind identifies six AI agent trap categories, with content injection success rates of 86% and calls for enhanced security measures by 2026.
Information security
fromSecurityWeek
3 days ago

Google DeepMind Researchers Map Web Attacks Against AI Agents

Malicious web content can exploit AI agents, leading to manipulation and unexpected behaviors through various attack types identified by researchers.
more#ai-security
Information security
fromThe Hacker News
2 days ago

The Hidden Cost of Recurring Credential Incidents

Credential incidents cause significant operational costs and disruptions, impacting IT teams and overall business productivity beyond just breach prevention.
#phishing
Information security
fromTheregister
2 days ago

Hundreds compromised daily in Microsoft device code phishes

A Microsoft device-code phishing campaign is compromising hundreds of organizations daily, utilizing AI and automation to steal financial data.
fromThe Hacker News
2 weeks ago
Information security

Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner

A phishing campaign targets French-speaking corporations with fake resumes, deploying malware for credential theft and cryptocurrency mining.
Information security
fromTheregister
2 days ago

Hundreds compromised daily in Microsoft device code phishes

A Microsoft device-code phishing campaign is compromising hundreds of organizations daily, utilizing AI and automation to steal financial data.
Information security
fromThe Hacker News
2 weeks ago

Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner

A phishing campaign targets French-speaking corporations with fake resumes, deploying malware for credential theft and cryptocurrency mining.
more#phishing
Information security
fromThe Hacker News
1 day ago

N. Korean Hackers Spread 1,700 Malicious Packages Across npm, PyPI, Go, Rust

Contagious Interview campaign targets Go, Rust, and PHP ecosystems with malicious packages that function as malware loaders.
Artificial intelligence
fromThe Hacker News
2 months ago

AI Agents Are Becoming Privilege Escalation Paths

Organizational AI agents centralize cross-system automation with broad permissions, improving efficiency but creating opaque access intermediaries and new authorization and accountability risks.
Information security
fromTechRepublic
1 day ago

Why Operationalizing AI Security Is the Next Great Enterprise Hurdle

Security operations lag behind rapid tech advancements, leading to inefficiencies and risks in managing numerous security tools.
#fortinet
Information security
fromTechRepublic
3 days ago

New Fortinet Flaw Allows Unauthorized Access to Enterprise Systems

A critical FortiClient EMS vulnerability allows unauthenticated attackers to bypass protections and execute unauthorized commands on systems.
Information security
fromTechRepublic
3 days ago

New Fortinet Flaw Allows Unauthorized Access to Enterprise Systems

A critical FortiClient EMS vulnerability allows unauthenticated attackers to bypass protections and execute unauthorized commands on systems.
Information security
fromSecurityWeek
3 days ago

Fortinet Rushes Emergency Fixes for Exploited Zero-Day

Fortinet released emergency hotfixes for a critical vulnerability in FortiClient EMS that allows remote code execution without authentication.
Information security
fromThe Hacker News
5 days ago

Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS

Fortinet released patches for a critical vulnerability in FortiClient EMS, allowing unauthenticated attackers to execute unauthorized commands.
Information security
fromSecurityWeek
1 week ago

Exploitation of Critical Fortinet FortiClient EMS Flaw Begins

Threat actors exploit a critical SQL injection vulnerability in Fortinet FortiClient EMS, allowing remote code execution without authentication.
more#fortinet
#ransomware
Information security
fromSecuritymagazine
2 days ago

Ransomware Response: How Businesses Regain Control Under Pressure

Ransomware attacks create urgent pressure, forcing quick decisions and impacting operations, legal obligations, and overall enterprise strategy.
Information security
fromSecurityWeek
2 days ago

Medusa Ransomware Fast to Exploit Vulnerabilities, Breached Systems

Medusa ransomware group rapidly exploits vulnerabilities, impacting critical sectors and employing double extortion tactics since June 2021.
Information security
fromSecuritymagazine
2 days ago

Ransomware Response: How Businesses Regain Control Under Pressure

Ransomware attacks create urgent pressure, forcing quick decisions and impacting operations, legal obligations, and overall enterprise strategy.
Information security
fromSecurityWeek
2 days ago

Medusa Ransomware Fast to Exploit Vulnerabilities, Breached Systems

Medusa ransomware group rapidly exploits vulnerabilities, impacting critical sectors and employing double extortion tactics since June 2021.
more#ransomware
Information security
fromThe Hacker News
1 day ago

Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)

Enterprise IAM faces fragmentation, leading to Identity Dark Matter and a significant gap in visibility and security oversight.
Information security
fromSecurityWeek
2 days ago

The New Rules of Engagement: Matching Agentic Attack Speed

AI-enabled cyberattacks are currently occurring, with significant impacts on organizations and a widening gap between attackers and defenders.
#rowhammer
Information security
fromSecurityWeek
2 days ago

GPUBreach: Root Shell Access Achieved via GPU Rowhammer Attack

A new Rowhammer attack, GPUBreach, allows privilege escalation and memory corruption in GPUs, posing significant threats to cloud environments.
Information security
fromSecurityWeek
2 days ago

GPUBreach: Root Shell Access Achieved via GPU Rowhammer Attack

A new Rowhammer attack, GPUBreach, allows privilege escalation and memory corruption in GPUs, posing significant threats to cloud environments.
more#rowhammer
Information security
fromTechCrunch
2 days ago

Russian government hackers broke into thousands of home routers to steal passwords | TechCrunch

Russian hackers hijacked thousands of routers globally to redirect internet traffic and steal passwords and access tokens.
Information security
fromThe Hacker News
2 days ago

Over 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign

A campaign targets ComfyUI instances for cryptocurrency mining and botnet enlistment through remote code execution exploits.
Information security
fromTheregister
3 days ago

AI agents found vulns in this Linux and Unix print server

Two vulnerabilities in CUPS allow unauthenticated remote code execution and root file overwrite, posing significant security risks in networked environments.
Information security
fromThe Hacker News
3 days ago

Multi-OS Cyberattacks: How SOCs Close a Critical Risk in 3 Steps

Multi-OS attacks complicate SOC operations, leading to delays, fragmented evidence, and increased escalation volume, ultimately allowing attackers more time to operate.
fromDevOps.com
3 days ago

Is Your AI Agent Secure? The DevOps Case for Adversarial QA Testing - DevOps.com

The most dangerous assumption in quality engineering right now is that you can validate an autonomous testing agent the same way you validated a deterministic application. When your systems can reason, adapt, and make decisions on their own, that linear validation model collapses.
Information security
fromComputerworld
6 days ago

A core infrastructure engineer pleads guilty to federal charges in insider attack

Rhyne's attack involved unauthorized remote desktop sessions, deletion of network administrator accounts, and changing of passwords, showcasing significant security vulnerabilities.
Information security
Information security
fromTheregister
1 week ago

Security boffins harvest bumper crop of API keys from web

Almost 2,000 API credentials were found exposed on 10,000 webpages, posing significant security risks to organizations and critical infrastructure.
Information security
fromThe Hacker News
1 month ago

The Zero-Day Scramble is Avoidable: A Guide to Attack Surface Reduction

Teams must reduce unnecessary internet-facing exposure to minimize vulnerability exploitation risk, as time-to-exploit windows are shrinking to hours or minutes.
Information security
fromTheregister
2 months ago

Vulnerability exploits now dominate intrusions

Exploit of disclosed vulnerabilities now causes most intrusions, with attackers weaponizing new flaws within hours while many organizations patch slowly.
Information security
fromTechzine Global
2 months ago

Researchers hack malware gang via its own weak spot

An XSS flaw in StealC’s web panel allowed takeover of operator sessions, revealing millions of stolen cookies, passwords, and YouTube-based malware distribution.
Information security
fromTechzine Global
2 months ago

New Windows backdoor emerges in ransomware attack

PDFSider is a stealthy Windows backdoor deployed via social engineering and DLL side-loading to provide persistent, encrypted access and data exfiltration over DNS.
[ Load more ]