A security flaw affecting over 100,000 WordPress websites has been discovered in the AI Engine plugin, specifically impacting versions 2.9.3 and 2.9.4. The vulnerability, classified as an arbitrary file upload vulnerability, allows authenticated users, starting from subscriber-level access, to upload malicious files show more ...
_Yee_Xin_Tan_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale)
By creating a safe environment for open discussion, prioritizing human context alongside technical data, and involving diverse stakeholders, organizations can turn security incidents into accelerators of resilience.
ISC2 is launching a 6-course certification program to address the growing demand for AI security expertise. Courses cover topics such as AI fundamentals, ethics, and risks.
What if malware didn't require an operating system to function? How would anyone possibly notice, let alone disable it?
Security debt ahoy: Only about half of the code that the latest large language models (LLMs) create is cybersecure, and more and more of it is being created all the time.
The SIEM market is at a pivotal point as XDR platforms and generative AI shake up the security analytics space.
When trying to crack your way into a cyber career, true passion and a bold love of the industry is a must, if you want to set yourself apart from hundreds of other job applicants, according to Weave CISO Jessica Sica.
Beginning on October 12 a new program known as the Entry/Exit System (EES) will be launched, requiring biometric data instead of paper checks of passports in order to enter certain European countries.
Hackers have leaked flight records allegedly belonging to the CEO of the Russian airline Aeroflot following a major cyberattack that grounded flights.
Makers of the period tracking app Flo agreed to settle with plaintiffs in a suit alleging that millions of users' data was improperly shred with Meta.
Russia shut down mobile internet services more than 2,000 times in July as authorities ramped up digital restrictions in the name of security.
Authorities in Luxembourg said a nationwide telecommunications outage in July was caused by a deliberately disruptive cyberattack. Huawei networking products were reportedly the target.
Dark Reading's 2025 News Desk marks a decade of Black Hat USA memories. We're making our return with a slate of interviews that help you stay up on the latest research from Black Hat — no trip to Las Vegas required.
The threat actor linked to the exploitation of the recently disclosed security flaws in Microsoft SharePoint Server is using a bespoke command-and-control (C2) framework called AK47 C2 (also spelled ak47c2) in its operations. The framework includes at least two different types of clients, HTTP-based and Domain Name System (DNS)-based, which have been dubbed AK47HTTP and AK47DNS, respectively, by
Cybersecurity researchers have flagged a malicious npm package that was generated using artificial intelligence (AI) and concealed a cryptocurrency wallet drainer. The package, @kodane/patch-manager, claims to offer "advanced license validation and registry optimization utilities for high-performance Node.js applications." It was uploaded to npm by a user named "Kodane" on July 28, 2025. The
Just as triathletes know that peak performance requires more than expensive gear, cybersecurity teams are discovering that AI success depends less on the tools they deploy and more on the data that powers them The junk food problem in cybersecurity Imagine a triathlete who spares no expense on equipment—carbon fiber bikes, hydrodynamic wetsuits, precision GPS watches—but fuels their
Cybersecurity researchers have disclosed a now-patched, high-severity security flaw in Cursor, a popular artificial intelligence (AI) code editor, that could result in remote code execution. The vulnerability, tracked as CVE-2025-54135 (CVSS score: 8.6), has been addressed in version 1.3 released on July 29, 2025. It has been codenamed CurXecute by Aim Labs, which previously disclosed EchoLeak.
Cybersecurity researchers have detailed a new cluster of activity where threat actors are impersonating enterprises with fake Microsoft OAuth applications to facilitate credential harvesting as part of account takeover attacks. "The fake Microsoft 365 applications impersonate various companies, including RingCentral, SharePoint, Adobe, and Docusign," Proofpoint said in a Thursday report. The
Here's what you need to know about the inner workings of modern spyware and how to stay away from apps that know too much
Restricting end-to-end encryption on a single-country basis would not only be absurdly difficult to enforce, but it would also fail to deter criminal activity
Source: thehackernews.com – Author: . The Russian nation-state threat actor known as Secret Blizzard has been observed orchestrating a new cyber espionage campaign targeting foreign embassies located in Moscow by means of an adversary-in-the-middle (AitM) attack at the Internet Service Provider (ISP) level and show more ...
Source: thehackernews.com – Author: . Cybersecurity researchers have disclosed details of a new phishing campaign that conceals malicious payloads by abusing link wrapping services from Proofpoint and Intermedia to bypass defenses. “Link wrapping is designed by vendors like Proofpoint to protect users by show more ...
Source: thehackernews.com – Author: . The North Korea-linked threat actor known as UNC4899 has been attributed to attacks targeting two different organizations by approaching their employees via LinkedIn and Telegram. “Under the guise of freelance opportunities for software development work, UNC4899 show more ...
Source: thehackernews.com – Author: . Cyber threats and attacks like ransomware continue to increase in volume and complexity with the endpoint typically being the most sought after and valued target. With the rapid expansion and adoption of AI, it is more critical than ever to ensure the endpoint is adequately show more ...
Source: security.googleblog.com – Author: Kimberly Samra. Security Blog The latest news and insights from Google on security and safety on the Internet Original Post url: http://security.googleblog.com/2025/06/mitigating-prompt-injection-attacks.html Category & Tags: AI Security – AI Security Views: show more ...
Source: securityaffairs.com – Author: Pierluigi Paganini Russia-linked Secret Blizzard targets foreign embassies in Moscow via ISP-level AitM attacks, deploying custom ApolloShadow malware. Microsoft researchers uncovered a cyberespionage campaign by the Russia-linked APT group Secret Blizzard show more ...
Source: securityaffairs.com – Author: Pierluigi Paganini Hackers exploit a critical vulnerability, tracked as CVE-2025-5394 (CVSS score of 9.8), in the Alone WordPress theme to hijack sites. Threat actors are actively exploiting a critical flaw, tracked as CVE-2025-5394 (CVSS score of 9.8), in the “Alone – show more ...
Source: securityaffairs.com – Author: Pierluigi Paganini Critical flaws in Dahua cameras let hackers take control remotely. The vendor has released patches, users should update firmware asap. Bitdefender cybersecurity experts discovered serious vulnerabilities in Dahua smart cameras that could have allowed show more ...
Source: securityaffairs.com – Author: Pierluigi Paganini Researchers have released a decryptor for the ransomware FunkSec, allowing victims to recover their encrypted files for free. Researchers at Avast developed a decryptor for the FunkSec ransomware. Gen Digital researchers released a decryptor for the show more ...
Source: hackread.com – Author: Waqas. The Everest ransomware group is claiming responsibility for breaching Mailchimp, the popular marketing platform used to create, send and manage email campaigns and newsletters. The group made the announcement earlier today on its dark web leak site, claiming to have stolen show more ...
Source: hackread.com – Author: Deeba Ahmed. A sophisticated new ransomware campaign is actively tricking internet users around the world by employing fake verification pages to spread a dangerous threat called Epsilon Red malware. This critical finding is revealed in the latest threat intelligence report by show more ...
Source: www.securityweek.com – Author: Eduard Kovacs Browser security firm LayerX has disclosed a new attack method that works against popular gen-AI tools. The attack involves browser extensions and it can be used for covert data exfiltration. The method, named Man-in-the-Prompt, has been tested against show more ...
Source: www.infosecurity-magazine.com – Author: A sophisticated Android banking Trojan, dubbed “DoubleTrouble,” has recently expanded both its delivery methods and technical capabilities, posing a significant threat to users across Europe. Initially spread through phishing websites impersonating major show more ...
Source: www.infosecurity-magazine.com – Author: A new tool aimed at streamlining cyber incident response and helping organizations evict adversaries from compromised systems has been released by the US Cybersecurity and Infrastructure Security Agency (CISA). The Eviction Strategies Tool is a free resource show more ...
Source: www.infosecurity-magazine.com – Author: Ransomware actors are resorting to extreme measures to pressure victims into paying demands, including threats of physical harm to business executives. Over the past 12 months, executives were physically threatened in 40% of ransomware incidents, according to a show more ...
Source: thehackernews.com – Author: . The threat actor linked to the exploitation of the recently disclosed security flaws in Microsoft SharePoint Server is using a bespoke command-and-control (C2) framework called AK47 C2 (also spelled ak47c2) in its operations. The framework includes at least two different show more ...
Source: www.nist.gov – Author: Jody Jacobs, Julie Haney. Human-centered cybersecurity (also known as ‘usable security’) involves the social, organizational, and technological influences on people’s understanding of and interactions with cybersecurity. By taking a human-centered cybersecurity (HCC) show more ...
Source: www.nist.gov – Author: Joseph Near, David Darais, Mark Durkee. In this post, we talk with Dr. Xiaowei Huang and Dr. Yi Dong (University of Liverpool), Dr. Mat Weldon (United Kingdom (UK) Office of National Statistics (ONS)), and Dr. Michael Fenton (Trūata) who were winners in the UK-US show more ...
