VoidLink, the newly spotted Linux malware that targets victims' clouds with 37 evil plugins, was generated "almost entirely by artificial intelligence" and likely developed by just one person, according to the research team that discovered the do-it-all implant.β¦
Two "easy-to-exploit" vulnerabilities in the popular open-source AI framework Chainlit put major enterprises' cloud environments at risk of leaking data or even full takeover, according to cyber-threat exposure startup Zafran.β¦
Anthropic has fixed three bugs in its official Git MCP server that researchers say can be chained with other MCP tools to remotely execute malicious code or overwrite files via prompt injection.β¦
Cisco finally delivered a fix for a maximum-severity bug in AsyncOS that has been under attack for at least a month.β¦
What policy wonk wouldn't want to click on an attachment promising to unveil US plans for Venezuela? Chinese cyberspies used just such a lure to target US government agencies and policy-related organizations in a phishing campaign that began just days after an American military operation captured Venezuelan President NicolΓ‘s Maduro.β¦
A critical misconfiguration in AWS's CodeBuild service allowed complete takeover of the cloud provider's own GitHub repositories and put every AWS environment in the world at risk, according to Wiz security researchers.β¦
A brand-new Linux malware named VoidLink targets victims' cloud infrastructure with more than 30 plugins that allow attackers to perform a range of illicit activities, from silent reconnaissance and credential theft to lateral movement and container abuse.Β β¦
Microsoft and Uncle Sam have warned that a Windows bug disclosed today is already under attack.β¦
Vulnerabilities in popular AI and ML Python libraries used in Hugging Face models with tens of millions of downloads allow remote attackers to hide malicious code in metadata. The code then executes automatically when a file containing the poisoned metadata is loaded.β¦
A 21-year-old Swedish man accused of being a key organizer of violence-as-a-service linked to the Foxtrot criminal network, which police say has recruited and exploited minors, has been arrested in Iraq.β¦
exclusiveΒ When it comes to security, AI agents are like self-driving cars, according to Block Chief Information Security Officer James Nettesheim.β¦
While watching us now seems like the least of its sins, the US Immigration and Customs Enforcement (ICE) was once best known (and despised) for its multi-billion-dollar surveillance tech budget.β¦
CrowdStrike has signed a $740 million deal to buy identity security startup SGNL. The move underscores the growing threat of identity-based attacks as companies struggle to secure skyrocketing numbers of non-human identities, including AI agents.β¦
Cisco patched a bug in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) products that allows remote attackers with admin-level privileges to access sensitive information - and warned that a public, proof-of-concept exploit for the flaw exists online.β¦
InterviewΒ With everyone from would-be developers to six-year-old kids jumping on the vibe coding bandwagon, it shouldn't be surprising that criminals like automated coding tools too.β¦
exclusiveΒ The European Space Agency on Wednesday confirmed yet another massive security breach, and told The Register that the data thieves responsible will be subject to a criminal investigation. And this could be a biggie.β¦
Last fall, Jakub Ciolek reported two denial-of-service bugs in Argo CD, a popular Kubernetes controller, via HackerOne's Internet Bug Bounty (IBB) program. Both were assigned CVEs and have since been fixed. But instead of receiving an $8,500 reward for the two flaws, Ciolek says, HackerOne ghosted him for months.β¦
Internet service provider Brightspeed confirmed that it's investigating criminals' claims that they stole more than a million customers' records and have listed them for sale for three bitcoin, or about $276,370.Β β¦
If you don't say "yes way" to MFA, the consequences can be disastrous. Sensitive data belonging to about 50 global enterprises is listed for sale β and, in some cases, has already been sold β on the dark web following a major infostealer campaign, with apparent victims including American utility engineering firm Pickett and Associates; Japan's homebuilding giant Sekisui House; and Spain's largest airline Iberia.β¦
Resecurity offered its "congratulations" to the Scattered Lapsus$ Hunters cybercrime crew for falling into its threat intel team's honeypot β resulting in a subpoena being issued for one of the data thieves. Meanwhile, the notorious extortionists have since removed their claims of gaining "full access" to the security shop's systems.β¦
Login