Attackers Combine ClickFix With PySoxy Proxying to Maintain Persistence
Exploitation of open-source tools allows attackers to maintain persistent access after initial social engineering, warn ReliaQuest researchers
Information Security Magazine
Malicious Hugging Face Repository Typosquats OpenAI
3 hours 7 minutes ago
HiddenLayer reveals infostealer malware in a Hugging Face repository
South Staffordshire Water Fined £1m After Data Breach
4 hours 7 minutes ago
The ICO has fined South Staffordshire Water nearly £1m for a series of data protection failings
TrickMo Variant Routes Android Trojan Traffic Through TON
21 hours 22 minutes ago
ThreatFabric finds new TrickMo Android banking trojan variant routing C2 through The Open Network
Rushed Patches Follow Broken Embargo on New Linux Kernel Vulnerabilities
22 hours 7 minutes ago
Two new high-severity vulnerabilities, dubbed ’Dirty Frag’ when chained, have been found in the Linux kernel, affecting most Linux distributions
Fake Claude Code Page Pushes PowerShell Stealer at Devs
22 hours 37 minutes ago
Ontinue uncovers fake Claude Code installer pushing PowerShell stealer abusing Chrome's IElevator2
Hackers Observed Using AI to Develop Zero-Day for the First Time
23 hours 37 minutes ago
Google Threat Intelligence Group details how cybercriminals attempted to launch a campaign based around an AI-developed Zero-Day targeting open-source software
US: FCC Relaxes Foreign-Made Router Ban to Allow for Security Updates
1 day 1 hour ago
The same extension applies to security updates shipped to US-based users of foreign-made drones
ShinyHunters Escalates Canvas Extortion with School by School Ransom Campaign
1 day 2 hours ago
ShinyHunters has escalated its Canvas extortion campaign, defacing hundreds of school login pages and threatening to leak stolen data unless institutions negotiate
Zara Data Breach Impacts Nearly 200,000 Customers
1 day 3 hours ago
ShinyHunters gets away with emails and other data on 200,000 Zara customers
Police Shut Relaunched Crimenetwork Dark Web Marketplace
1 day 4 hours ago
Spanish police have arrested the suspected administrator of German dark web marketplace Crimenetwork
Australian Cyber Security Centre Issues Alert Over ClickFix Attacks
4 days 1 hour ago
ACSC warns over a campaign targeting organizations which uses ClickFix to deliver Vidar infostealer malware
PCPJack Campaign Boots TeamPCP Off Compromised Machines
4 days 3 hours ago
SentinelOne believes the PCPJack campaign may be the brainchild of a former TeamPCP member
Legacy Security Tools Failing Data Protection, Capital One Software Report Finds
4 days 21 hours ago
Traditional network security tools are undermining data protection, with Forrester and Capital One Software research warning AI adoption is impossible without rethinking data security
Cline Kanban Flaw Lets Websites Hijack AI Coding Agents
4 days 22 hours ago
Oasis Security finds critical Cline kanban WebSocket flaw exposing AI coding agents to hijack
OpenAI and Anthropic LLMs Used in Critical Infrastructure Cyber-Attack, Warns Dragos
4 days 22 hours ago
Commercial AI models were used to help plan and conduct cyber-attack against operational technology of a water and drainage facility, say researchers
Fake Claude AI Site Drops Beagle Backdoor on Windows Users
4 days 23 hours ago
Sophos finds fake Claude site spreading DonutLoader and a new Beagle backdoor via DLL sideloading
Daemon Tools Developer Confirms Software Was Trojanized
5 days 3 hours ago
A China-linked threat actor backdoored a version of Daemon Tools to infect thousands
Researchers Spot Uptick in Use of Vercel for Phishing Campaigns
5 days 4 hours ago
Cofense has warned of a “significant” increase in phishing campaigns abusing Vercel platform
CloudZ Malware Abuses Phone Link to Steal SMS OTPs
5 days 21 hours ago
Cisco Talos uncovers CloudZ RAT and Pheno plugin abusing Microsoft Phone Link to intercept SMS OTPs
Checked
37 minutes 46 seconds ago