
Cybersecurity

638 articles in this category (Page 23 of 27)

AI News | Cybersecurity | AI Security

Balanced SOC Investment Cuts False Positives by 90% in Phishing Defense

A 2025 case study shows SOCs prevent sophisticated phishing attacks missed by detection tools, reducing false positives by 90%.

AI News | Cybersecurity | Threat Intelligence

CISA Warns of Active Spyware Campaigns Hijacking Signal and WhatsApp Users

CISA alerts users to ongoing spyware campaigns targeting high-value individuals via Signal, WhatsApp, and Android, with identified campaigns impacting fewer than 200 WhatsApp users.

AI News | Cybersecurity | Malware

DPRK's FlexibleFerret Expands macOS Credential Theft Campaign

North Korea-linked malware campaign uses social engineering to steal macOS credentials, leveraging fake job portals and Terminal exploits (2025).

AI News | Cybersecurity | Malware

Hackers Hijack Blender 3D Assets to Deploy StealC V2 Data-Stealing Malware

A new campaign leverages malicious Blender .blend files on CGTrader to install StealC V2, stealing data from browsers, plugins, and crypto wallets.

AI News | Cybersecurity | Threat Intelligence

JackFix Attack Circumvents ClickFix Mitigations

JackFix, a new ClickFix variant, bypasses security mitigations with psychological phishing and runtime obfuscation, causing hundreds of VirusTotal reports.

AI News | Cybersecurity | Malware

JackFix Campaign Leverages Fake Windows Updates to Deploy Multiple Stealers

The JackFix campaign utilizes deceptive fake Windows update pop-ups on adult websites to deliver multi-stage PowerShell malware, resulting in potential data theft and system compromise.

AI News | Cybersecurity | Threat Intelligence

ToddyCat APT Enhances Tools to Steal Outlook Emails & Microsoft 365 Tokens

ToddyCat upgrades hacking tools like TCSectorCopy and TomBerBil to steal corporate email and Microsoft 365 access tokens, impacting data security.

AI News | Cybersecurity | Data Breach

Years of JSONFormatter and CodeBeautify Leaks Expose Thousands of Passwords and API Keys

Researchers uncovered 5GB of leaked credentials from JSONFormatter and CodeBeautify, impacting organizations across critical sectors.

AI News | Cybersecurity | AI Ethics

Chinese DeepSeek-R1 AI Generates Insecure Code When Prompts Mention Tibet or Uyghurs

CrowdStrike found DeepSeek-R1 produces 50% more security vulnerabilities when prompted with politically sensitive topics like Tibet or Uyghurs.

AI News | Cybersecurity | Open Source Security

Infamous Shai-hulud Worm Resurfaces From the Depths

New Shai-hulud worm variant infects 25,000+ repositories by executing malicious code during preinstall.

AI News | Cybersecurity | Cloud Security

New Fluent Bit Flaws Expose Cloud to RCE and Stealthy Infrastructure Intrusions

Five critical vulnerabilities in Fluent Bit, used in billions of containers, enable remote code execution and cloud infrastructure takeovers.

AI News | Cybersecurity | Supply Chain Attacks

Second Sha1-Hulud Wave Affects 25,000+ Repositories via npm Preinstall Credential Theft

25,000+ GitHub repos compromised by Sha1-Hulud via npm preinstall scripts stealing cloud credentials.

AI News | Cybersecurity | Malware

ShadowPad Malware Exploits WSUS Vulnerability for System Access

ShadowPad malware is actively exploiting CVE-2025-59287 in WSUS, leading to full system compromise of vulnerable servers.

AI News | Cybersecurity | AI Ethics

Vision Language Models Keep an Eye on Physical Security

Vision language models now enhance physical security with real-time monitoring, as seen in Ambient.ai's Pulsar system.

AI News | Cybersecurity | Threat Intelligence

Scale IR Tabletop Exercises — Best Practices & Steps to Build a Plan

This week’s cybersecurity recap details a record 15.72 Tbps DDoS attack mitigated by Microsoft and multiple 0-day exploits affecting Fortinet and Chrome.

AI News | Cybersecurity | APT

China-Linked APT31 Leverages Cloud Services in Stealthy Russian IT Attacks

APT31 conducted a multi-year espionage campaign against Russian IT firms, successfully exfiltrating data via cloud services like Yandex Cloud.

AI News | Cybersecurity | Vulnerability Management

CISA Warns of Actively Exploited Critical Oracle Identity Manager Zero-Day Vulnerability

CISA added CVE-2025-61757, a critical 9.8 CVSS-rated flaw in Oracle Identity Manager, to its KEV catalog due to active exploitation.

AI News | Cybersecurity | Malware

Matrix Push C2 Uses Browser Notifications for Fileless, Cross-Platform Phishing Attacks

Matrix Push C2 exploits browser notifications for fileless phishing, priced at $150/month as malware-as-a-service.

AI News | Cybersecurity | Malware

APT24 Deploys BADAUDIO in Years-Long Espionage Hitting Taiwan and 1,000+ Domains

APT24's BADAUDIO malware compromised over 1,000 domains via supply chain attacks in a 3-year espionage campaign.

AI News | Cybersecurity | Infrastructure

Cloudflare's One-Stop-Shop Convenience Takes Down Global Digital Economy

Cloudflare's 2025 outage disrupted 20% of global web traffic, exposing systemic risks of centralized infrastructure.

AI News | Cybersecurity | Android

Google Brings AirDrop Compatibility to Android’s Quick Share Using Rust-Hardened Security

Google’s Quick Share now supports AirDrop, enhancing Android-iOS file sharing and blocking 115M fraud attempts in India.

AI News | Cybersecurity | Threat Intelligence

6 Black Hat Laws: Cybersecurity's New Frontline Against Silent Attacks

A 2025 cybersecurity framework reveals how attackers exploit governance logic, not just code, to infiltrate enterprises.

AI News | Cybersecurity | OAuth Security

Salesforce Flags Unauthorized Data Access via Gainsight-Linked OAuth Activity

Salesforce and Gainsight investigate OAuth abuse linked to ShinyHunters, impacting nearly 1,000 organizations.

AI News | Cybersecurity | Legal

SEC Drops SolarWinds Case After Years of High-Stakes Cybersecurity Scrutiny

The SEC dismissed its case against SolarWinds after court rulings questioned allegations related to the 2020 APT29 supply chain attack.
