Researchers question Anthropic claim that AI-assisted attack was 90% autonomous
The results of AI-assisted hacking aren’t as impressive as many might have us believe.
ClickFix may be the biggest security threat your family has never heard of
Relatively new technique can bypass many endpoint protections.
Wipers from Russia’s most cut-throat hackers rain destruction on Ukraine
Sandworm and other Russian-state hackers unleash data-destroying payloads on their neighbors.
5 AI-developed malware families analyzed by Google fail to work and are easily detected
You wouldn’t know it from the hype, but the results fail to impress.
Two Windows vulnerabilities, one a 0-day, are under active exploitation
Both vulnerabilities are being exploited in wide-scale operations.
NPM flooded with malicious packages downloaded more than 86,000 times
Packages downloaded from NPM can fetch dependancies from untrusted sites.
New physical attacks are quickly diluting secure enclave defenses from Nvidia, AMD, and Intel
On-chip TEEs withstand rooted OSes but fall instantly to cheap physical attacks.
A single point of failure triggered the Amazon outage affecting millions
A DNS manager in a single region of Amazon’s sprawling network touched off a 16-hour debacle.
Cache poisoning vulnerabilities found in 2 DNS resolving apps
At least one CVE could weaken defenses put in place following 2008 disclosure.
NSO permanently barred from targeting WhatsApp users with Pegasus spyware
Ruling holds that defeating end-to-end encryption in WhatsApp harms Meta’s business.
Nation-state hackers deliver malware from “bulletproof” blockchains
Malicious payloads stored on Ethereum and BNB blockchains are immune to takedowns.
Thousands of customers imperiled after nation-state ransacks F5’s network
Risks to BIG-IP users include supply-chain attacks, credential loss, and vulnerability exploits.
Feds seize $15 billion from alleged forced labor scam built on “human suffering”
Scams like this one net billions from well-educated victims.
Hackers can steal 2FA codes and private messages from Android phones
Malicious app required to make “Pixnapping” attack work requires no permissions.
Why Signal’s post-quantum makeover is an amazing engineering achievement
New design sets a high standard for post-quantum readiness.
Microsoft warns of new “Payroll Pirate” scam stealing employees’ direct deposits
Among other things, the scammers bypass multi-factor authentication.
Discord says hackers stole government IDs of 70,000 users
As more sites require IDs for user age verification, expect more such breaches to come.
Salesforce says it won’t pay extortion demand in 1 billion records breach
Scattered LAPSUS$ Hunters gave Salesforce until Friday to pay or else.
That annoying SMS phish you just got may have come from a box like this
Smishers looking for new infrastructure are getting creative.
Intel and AMD trusted enclaves, the backbone of network security, fall to physical attacks
The chipmakers say physical attacks aren’t in the threat model. Many users didn’t get the memo.
As many as 2 million Cisco devices affected by actively exploited 0-day
Search shows 2 million vulnerable Cisco SNMP interfaces exposed to the Internet.
Supermicro server motherboards can be infected with unremovable malware
Baseboard management controller vulnerabilities make remote attacks possible.
Here’s how potent Atomic credential stealer is finding its way onto Macs
LastPass warns it’s one of the latest to see its well-known brand impersonated.
Two of the Kremlin’s most active hack groups are collaborating, ESET says
Turla is getting a helping hand from Gamaredon. Both are units of Russia’s FSB.
Two UK teens charged in connection to Scattered Spider ransomware attacks
Ransomware group is one of the world’s most prolific.
Recent Posts
- Seven inevitable cyber threats every Australian organisation must be ready to contain
- You already use a software-only approach to passkey authentication – why that matters
- “AI가 고용 지형 흔든다” 젊은층과 초급 직무부터 타격
- 컴퓨터공학과 학위가 AI 시대에 맞게 바뀌어야 하는 10가지 이유
- Still running a 2020 PC? Your business is at risk—both from security threats and being left behind.
Recent Comments
No comments to show.