Atomic Stealer MacOS ClickFix Attack Bypasses Apple Security Warnings
macOS 26.4 update introduced security warnings into Terminal to prevent ClickFix attacks, so attackers have shifted to Script Editor instead
Information Security Magazine
Middle East Hack-for-Hire Operation Traced to South Asian Cyber Espionage Group
1 week ago
A spear-phishing campaign which spread across the Middle East between 2023 and 2024 has now been linked to Bitter APT group
Governance Gaps Emerge as AI Agents Drive 76% Increase in NHIs
1 week ago
SANS Institute reveals that AI agents are behind a 76% surge in non-human identities
Google Warns of New Threat Group Targeting BPOs and Helpdesks
1 week ago
Google’s threat intel team warns UNC6783, a new extortion group possibly linked to the “Raccoon” persona, is targeting BPOs and enterprises
Google API Keys Quietly Gain Access to Gemini on Android Devices
1 week 1 day ago
Google API key flaw exposes mobile apps to Gemini AI access, private files and billing risks
Critical Vulnerability in Ninja Forms Exposes WordPress Sites
1 week 1 day ago
Ninja Forms File Upload RCE via unauthenticated arbitrary file upload; update to 3.3.27 immediately
Anthropic Launches Project Glasswing to Use AI to Find and Fix Critical Software Vulnerabilities
1 week 1 day ago
Anthropic launches Project Glasswing, using its Claude Mythos Preview AI to autonomously identify and fix undiscovered vulnerabilities in critical software
US Thwarts DNS Hijacking Network Controlled by Russian APT28 Hackers
1 week 1 day ago
The FBI deployed a method to unplug US-based routers compromised by APT28 from the threat actor’s malicious network
Claude Discovers Apache ActiveMQ Bug Hidden for 13 Years
1 week 1 day ago
Anthropic’s Claude AI has helped researchers find a vulnerability in Apache ActiveMQ Classic
Iran‑Backed Threat Actors Hit US CNI Providers via Internet‑Facing OT Assets
1 week 1 day ago
CISA has revealed Iranian attacks causing disruption and financial loss at US critical infrastructure firms
Russian APT28 Hackers Hijack Routers to Steal Credentials, UK Security Agency Warns
1 week 2 days ago
Newly identified malicious campaigns are linked to virtual private servers modified by APT28 to operate as malicious DNS servers
GPU Rowhammer Attack Enables Privilege Escalation and Full System Compromise
1 week 2 days ago
GPUBreach uses GPU Rowhammer on GDDR6 to flip bits, corrupt page tables and escalate to system root
GrafanaGhost Exploit Bypasses AI Guardrails for Silent Data Exfiltration
1 week 2 days ago
GrafanaGhost chains AI prompt injection and URL flaws to exfiltrate sensitive Grafana data
Over $17bn Lost to Cyber Fraud in the Last Year, Warns FBI
1 week 2 days ago
Cryptocurrency scams alone cost victims over $7 billion, while AI-enabled fraud threats are on the rise, says FBI
Storm-1175 Exploits Flaws in High-Velocity Medusa Attacks
1 week 2 days ago
Microsoft has released a new report about the Storm-1175 group and its connection to Medusa ransomware
Fortinet Releases Emergency Patch After FortiClient EMS Bug Is Exploited
1 week 2 days ago
Fortinet has updated its FortiClient EMS product after zero-day attacks surfaced
New Phishing Platform Used in Credential Theft Campaigns Against C-Suite Execs
1 week 6 days ago
A large-scale credential theft campaign targeting senior executives has been linked to a previously unknown automated phishing platform called Venom
New 'Storm' Infostealer Remotely Decrypts Stolen Credentials
2 weeks ago
This modern infostealer adopted server-side decryption of stolen credentials to bypass security controls
NCSC Issues Security Alert Over Hackers Targeting WhatsApp and Signal Accounts
2 weeks ago
The UK’s cybersecurity agency offered advice to “high-risk’ individuals” on how to protect against social engineering and cyber-attacks
Apple Expands iOS 18 Security Updates Amid DarkSword Threat
2 weeks ago
iOS/iPadOS 18.7.7 updates expanded to protect older devices from DarkSword web exploit kit
Checked
9 hours 25 minutes ago