Cybersecurity

638 articles in this category (Page 12 of 27)

AI NewsCybersecurityMalware

Hackers Use LinkedIn Messages to Spread RAT Malware Through DLL Sideloading

A new LinkedIn phishing campaign delivers a remote access trojan (RAT) via DLL sideloading, exploiting trusted software and bypassing traditional security measures.

Jan 20, 2026

AI NewsCybersecurityCloud Security

Microsoft & Anthropic MCP Servers at Risk of RCE, Cloud Takeovers

Researchers discovered critical vulnerabilities in Model Context Protocol (MCP) servers, potentially leading to remote code execution and cloud account takeovers.

Jan 20, 2026

AI NewsCybersecurityEmail Security

Zendesk Instances Leveraged in Mass Spam Campaigns

Recent spam attacks originating from legitimate Zendesk instances have impacted users, with one report citing over 800 spam emails bypassing iCloud filters.

Jan 20, 2026

AI NewsCybersecuritySoftware Vulnerability

Anthropic MCP Git Server Vulnerabilities Enable RCE via Prompt Injection

Three vulnerabilities in Anthropic’s MCP Git server allow remote code execution (RCE) through prompt injection attacks.

Jan 20, 2026

AI NewsCybersecurityDevSecOps

Why Secrets in JavaScript Bundles are Still Being Missed

Scanning 5M apps uncovered 42K exposed secrets in JavaScript bundles, highlighting shortcomings in current SAST and DAST practices.

Jan 20, 2026

AI NewsCybersecurityHealthcare

ChatGPT Health Raises Big Security, Safety Concerns

OpenAI's ChatGPT Health promises secure data handling, but raises significant questions regarding user privacy and potential for inaccurate health advice.

Jan 19, 2026

AI NewsCybersecurityPrompt Injection

Google Gemini Prompt Injection Exposes Calendar Data via Malicious Invites

A recent vulnerability in Google Gemini allowed unauthorized access to private Google Calendar data through a cleverly disguised prompt injection attack.

Jan 19, 2026

AI NewsCybersecurityHardware

New StackWarp Hardware Flaw Breaks AMD SEV-SNP Protections on Zen 1–5 CPUs

StackWarp allows privileged hosts to execute code inside AMD SEV-SNP confidential VMs, impacting Zen 1–5 processors.

Jan 19, 2026

AI NewsCybersecurityMalware

StealC Malware Panel Vulnerability Exposed Threat Actor Operations

Researchers exploited an XSS flaw in the StealC malware panel to monitor a threat actor’s operations, stealing over 30 million cookies and 390,000 passwords.

Jan 19, 2026

AI NewsCybersecurityThreat Intelligence

Fortinet Exploits, AI-Powered Attacks & Emerging Malware Dominate Recent Cybersecurity Landscape

This week’s recap highlights a critical Fortinet vulnerability and the rise of sophisticated attacks leveraging AI and evolving malware frameworks.

Jan 19, 2026

AI NewsCybersecurityFinTech

SAFEGUARD RECOVERY EXPERT: Crypto Asset Recovery Service

One investor recovered $278,000 in cryptocurrency lost to fraudulent brokers using a specialized recovery service.

Jan 17, 2026

AI NewsCybersecurityAI Applications

AI System Reduces Attack Reconstruction Time From Weeks to Hours

PNNL’s ALOHA system leverages AI to reduce attack reconstruction time from weeks to hours, accelerating threat emulation and defense.

Jan 16, 2026

AI NewsCybersecurityThreat Intelligence

China-Linked APT Exploits Sitecore Zero-Day in Critical Infrastructure Intrusions

Cisco Talos reports China-linked APT UAT-8837 leveraging a Sitecore zero-day (CVE-2025-53690, CVSS 9.0) against North American critical infrastructure.

Jan 16, 2026

AI NewsCybersecurityVulnerability

Cisco Patches Zero-Day RCE Exploited by China-Linked APT in Secure Email Gateways

Cisco addressed CVE-2025-20393, a critical 10.0 CVSS zero-day RCE flaw in AsyncOS, exploited by the China-linked UAT-9686 APT group.

Jan 16, 2026

AI NewsCybersecurityBrowser Security

Malicious Chrome Extensions Target Workday & NetSuite for Account Takeover

Five rogue Chrome extensions impersonating legitimate platforms like Workday and NetSuite have been discovered, resulting in stolen cookies and compromised admin controls.

Jan 16, 2026

AI NewsCybersecurityMalware

GootLoader Malware Employs 500-1,000 Concatenated ZIP Archives for Evasion

GootLoader malware utilizes malformed ZIP archives containing 500–1,000 concatenated files to bypass detection by tools like WinRAR.

Jan 16, 2026

AI NewsCybersecurityThreat Intelligence

LOTUSLITE Backdoor Targets U.S. Policy Entities Using Venezuela-Themed Spear Phishing

China-linked attackers deployed the LOTUSLITE backdoor against U.S. government targets via Venezuela-themed phishing, highlighting continued reliance on DLL side-loading.

Jan 16, 2026

AI NewsCybersecurityVulnerability Management

Microsoft Disrupts RedVDS Cybercrime Service Linked to $40 Million in Fraud

Microsoft successfully disrupted RedVDS, a crimeware subscription service enabling phishing and BEC fraud, resulting in approximately $40 million in U.S. losses and impacting 191,000 organizations.

Jan 15, 2026

AI NewsCybersecurityAI Risk

Model Security Is the Wrong Frame – The Real Risk Is Workflow Security

AI security risks are shifting from models to workflows, highlighted by data theft from 900,000 users via malicious extensions and prompt injection attacks.

Jan 15, 2026

AI NewsCybersecuritySpyware

Predator Spyware Sample Indicates 'Vendor-Controlled' C2

Jamf research reveals Predator spyware reports deployment errors to its C2, suggesting Intellexa has greater control than previously acknowledged.

Jan 15, 2026

AI NewsCybersecurityNetwork Security

Palo Alto Fixes GlobalProtect DoS Flaw That Can Crash Firewalls Without Login

Palo Alto Networks patched CVE-2026-0227, a critical GlobalProtect vulnerability allowing unauthenticated DoS attacks that force firewalls into maintenance mode.

Jan 15, 2026

AI NewsCybersecurityPrompt Injection

Reprompt Attack Enables Single-Click Data Exfiltration From Microsoft Copilot

Researchers revealed a Reprompt attack allowing single-click data exfiltration from Microsoft Copilot, bypassing enterprise security controls.

Jan 15, 2026

AI NewsCybersecurityThreat Intelligence

AI-Powered Voice Cloning Bypass and Telecom Security Concerns Dominate This Week’s Threats

This week’s security bulletin highlights a new AI voice cloning evasion technique, a $26M crypto hack, and increased scrutiny of telecom security practices.

Jan 15, 2026

Hackers Use LinkedIn Messages to Spread RAT Malware Through DLL Sideloading

Microsoft & Anthropic MCP Servers at Risk of RCE, Cloud Takeovers

Zendesk Instances Leveraged in Mass Spam Campaigns

Anthropic MCP Git Server Vulnerabilities Enable RCE via Prompt Injection

Why Secrets in JavaScript Bundles are Still Being Missed

ChatGPT Health Raises Big Security, Safety Concerns

Google Gemini Prompt Injection Exposes Calendar Data via Malicious Invites

New StackWarp Hardware Flaw Breaks AMD SEV-SNP Protections on Zen 1–5 CPUs

StealC Malware Panel Vulnerability Exposed Threat Actor Operations

Fortinet Exploits, AI-Powered Attacks & Emerging Malware Dominate Recent Cybersecurity Landscape

SAFEGUARD RECOVERY EXPERT: Crypto Asset Recovery Service

AI System Reduces Attack Reconstruction Time From Weeks to Hours

China-Linked APT Exploits Sitecore Zero-Day in Critical Infrastructure Intrusions

Cisco Patches Zero-Day RCE Exploited by China-Linked APT in Secure Email Gateways

Malicious Chrome Extensions Target Workday & NetSuite for Account Takeover

GootLoader Malware Employs 500-1,000 Concatenated ZIP Archives for Evasion

LOTUSLITE Backdoor Targets U.S. Policy Entities Using Venezuela-Themed Spear Phishing

More Problems for Fortinet: Critical FortiSIEM Flaw Exploited

Microsoft Disrupts RedVDS Cybercrime Service Linked to $40 Million in Fraud

Model Security Is the Wrong Frame – The Real Risk Is Workflow Security

Predator Spyware Sample Indicates 'Vendor-Controlled' C2

Palo Alto Fixes GlobalProtect DoS Flaw That Can Crash Firewalls Without Login

Reprompt Attack Enables Single-Click Data Exfiltration From Microsoft Copilot

AI-Powered Voice Cloning Bypass and Telecom Security Concerns Dominate This Week’s Threats