UK NCSC Supports Public Disclosure for AI Safeguard Bypass Threats
The UK National Cyber Security Centre thinks public disclosure programs could help mitigate AI safety threats
Information Security Magazine
Zscaler Customer Info Taken in Salesloft Breach
3 months 2 weeks ago
Zscaler has emerged as the latest corporate victim of a supply chain attack targeting Salesforce data
Silver Fox Exploits Signed Drivers to Deploy ValleyRAT Backdoor
3 months 2 weeks ago
Silver Fox APT abuses Microsoft-signed drivers to kill antivirus and deploy ValleyRAT remote-access backdoor
High-Risk SQLi Flaw Exposes WordPress Memberships Plugin Users
3 months 2 weeks ago
A vulnerability in the WordPress Paid Memberships Subscription plugin could lead to unauthenticated SQL injection on affected sites
Ransomware Attack on Pennsylvania’s AG Office Disrupts Court Cases
3 months 2 weeks ago
Pennsylvania’s Attorney General confirmed the OAG had refused to pay a ransom demand to the attackers after files were encrypted
Amazon Stops Russian APT29 Watering Hole Attack Exploiting Microsoft Auth
3 months 2 weeks ago
The campaign shows APT29’s intentions to “cast a wider net in their intelligence collection efforts,” said Amazon
Salesloft Attacks Target Google Workspace
3 months 2 weeks ago
Adversaries targeting the Salesloft Drift application integration with Salesforce have also compromised Google Workspace accounts
WhatsApp Patches Zero-Day, Zero-Click Flaw
3 months 2 weeks ago
WhatsApp has fixed a zero-day vulnerability linked to a sophisticated cyber-attack
North Korean Hackers Weaponize Seoul Intelligence Files to Target South Koreans
3 months 2 weeks ago
Pyongyang-backed hacking group APT37 leveraged an internal South Korean intelligence briefing in a spear phishing campaign
Npm Package Hijacked to Steal Data and Crypto via AI-Powered Malware
3 months 2 weeks ago
A software supply chain attack targeting Nx marks the first known case where attackers have leveraged developer AI assistants, according to StepSecurity
State-Sponsored Hackers Behind Majority of Vulnerability Exploits
3 months 2 weeks ago
Recorded Future highlighted the vast capabilities of state actors to rapidly weaponize newly disclosed vulnerabilities for geopolitical purposes
TransUnion Data Breach Impacts 4.5 Million US Customers
3 months 2 weeks ago
The credit rating giant revealed that the breach, which occurred on July 28, was caused by unauthorized access to a third-party application
Fake IT Support Attacks Hit Microsoft Teams
3 months 2 weeks ago
Fake IT support lures are being used to trick employees into installing remote‑access tools via Microsoft Teams
Netherlands Confirms China's Salt Typhoon Targeted Small Dutch Telcos
3 months 2 weeks ago
Salt Typhoon’s primary Dutch targets were small internet service providers and hosting providers
Malicious VS Code Extensions Exploit Name Reuse Loophole
3 months 2 weeks ago
Visual Studio Code extensions have been identified exploiting a loophole that allows reuse of names from removed packages
Nevada Confirms Ransomware Attack, State Data Stolen
3 months 2 weeks ago
Nevada’s CIO confirmed in a press conference that ransomware actors had exfiltrated data from state networks, amid an ongoing incident investigation
Chinese Tech Firms Linked to Salt Typhoon Espionage Campaigns
3 months 2 weeks ago
The US, UK and allies have called out China’s “commercial cyber ecosystem” for enabling large-scale Salt Typhoon campaigns
Crypto Companies Freeze $47m in Romance Baiting Funds
3 months 2 weeks ago
Chainalysis, OKX, Binance and Tether have managed to stop nearly $50m reaching romance baiting fraudsters
Ransomware Actor Deletes Data and Backups Post-Exfiltration on Azure
3 months 2 weeks ago
Microsoft observed Storm-0501 pivot to the victim’s cloud environment to exfiltrate data rapidly and prevent the victim’s recovery
CISA Strengthens Software Procurement Security With New Tool
3 months 3 weeks ago
CISA has launched a new Software Acquisition Guide Web Tool to enhance security in software procurement
Checked
16 hours 18 minutes ago