Computer webcams have long been suspected of peeping on folks; nothing unusual about that. But now theyve found a new role in conventional cyberattacks. At the recent BlackHat conference in Las Vegas, researchers presented the BadCam attack, which allows an attacker to reflash a webcam and execute malicious actions on show more ...
In response to a cyberattack that was first detected on Sunday, the governor shut down in-person services for state offices while restoration efforts are underway.
African nations work with Interpol and private-sector partners to disrupt cybercriminal operations on the continent, but more work needs to be done.
The financially motivated threat group used cloud resources to conduct a complex, ransomware-style attack against an enterprise victim.
A group tracked as UNC6395 engaged in "widespread data theft" via compromised OAuth tokens from a third-party app called Salesloft Drift.
The Mustang Panda APT is hijacking Google Chrome browsers when they attempt to connect to new networks and redirecting them to phishing sites.
"ZipLine" appears to be a sophisticated and carefully planned campaign that has already affected dozens of small, medium, and large organizations across multiple industry sectors.
Researchers raise the alarm that a new, rapidly evolving ransomware strain uses an OpenAI model to render and execute malicious code in real time, ushering in a new era of cyberattacks against enterprises.
The company said the threat actor abused its Claude Code service to "an unprecedented degree," automating reconnaissance, intrusions, and credential harvesting.
Flock acknowledged in a Monday blog post that it has engaged in “limited pilots” with CBP and Homeland Security Investigations, the law enforcement division of the Department of Homeland Security. It said the partnerships were meant to bolster the federal agencies’ efforts to fight human trafficking and fentanyl distribution.
Hackers are targeting American industrial firms by contacting them through their website forms, posing as potential business partners before infecting them with malware.
The three companies were accused of providing “cyber-related products and services to China’s intelligence services, including multiple units in the People’s Liberation Army and Ministry of State Security” since at least 2021, according to the advisory.
Spanish police have arrested a university student suspected of hacking the local government’s education management system to alter grades and gain access to professors’ emails.
A suspected ransomware attack on a Swedish software provider is believed to have impacted around 200 of the country’s municipal governments.
The U.S. Treasury Department announced new sanctions targeting key players in North Korea’s ongoing scheme to get its citizens hired as IT workers at American companies.
Failure to comply with consumer data access and deletion requests highlights the urgent need for standardized verification processes and stronger enforcement mechanisms to protect consumer privacy.
The financially motivated threat actor known as Storm-0501 has been observed refining its tactics to conduct data exfiltration and extortion attacks targeting cloud environments. "Unlike traditional on-premises ransomware, where the threat actor typically deploys malware to encrypt critical files across endpoints within the compromised network and then negotiates for a decryption key,
Cybersecurity company ESET has disclosed that it discovered an artificial intelligence (AI)-powered ransomware variant codenamed PromptLock. Written in Golang, the newly identified strain uses the gpt-oss:20b model from OpenAI locally via the Ollama API to generate malicious Lua scripts in real-time. The open-weight language model was released by OpenAI earlier this month. "PromptLock
Anthropic on Wednesday revealed that it disrupted a sophisticated operation that weaponized its artificial intelligence (AI)-powered chatbot Claude to conduct large-scale theft and extortion of personal data in July 2025. "The actor targeted at least 17 distinct organizations, including in healthcare, the emergency services, and government, and religious institutions," the company said. "
A threat activity cluster known as ShadowSilk has been attributed to a fresh set of attacks targeting government entities within Central Asia and Asia-Pacific (APAC). According to Group-IB, nearly three dozen victims have been identified, with the intrusions mainly geared towards data exfiltration. The hacking group shares toolset and infrastructural overlaps with campaigns undertaken by threat
Employees are experimenting with AI at record speed. They are drafting emails, analyzing data, and transforming the workplace. The problem is not the pace of AI adoption, but the lack of control and safeguards in place. For CISOs and security leaders like you, the challenge is clear: you don’t want to slow AI adoption down, but you must make it safe. A policy sent company-wide will not cut it.
A widespread data theft campaign has allowed hackers to breach sales automation platform Salesloft to steal OAuth and refresh tokens associated with the Drift artificial intelligence (AI) chat agent. The activity, assessed to be opportunistic in nature, has been attributed to a threat actor tracked by Google Threat Intelligence Group (GTIG) and Mandiant, tracked as UNC6395. GTIG told The Hacker
Cybersecurity researchers have discovered five distinct activity clusters linked to a persistent threat actor known as Blind Eagle between May 2024 and July 2025. These attacks, observed by Recorded Future Insikt Group, targeted various victims, but primarily within the Colombian government across local, municipal, and federal levels. The threat intelligence firm is tracking the activity under
Cephalus is a relatively new ransomware operation that emerged in mid-2025, and has already been linked to a wave of high-profile data leaks. Read more about it in my article on the Fortra blog.
The discovery of PromptLock shows how malicious use of AI models could supercharge ransomware and other threats
Cyberbullying is a fact of life in our digital-centric society, but there are ways to push back
Source: thehackernews.com – Author: . Citrix has released fixes to address three security flaws in NetScaler ADC and NetScaler Gateway, including one that it said has been actively exploited in the wild. The vulnerabilities in question are listed below – CVE-2025-7775 (CVSS score: 9.2) – Memory show more ...
Source: thehackernews.com – Author: . A team of academics has devised a novel attack that can be used to downgrade a 5G connection to a lower generation without relying on a rogue base station (gNB). The attack, per the ASSET (Automated Systems SEcuriTy) Research Group at the Singapore University of Technology show more ...
Source: thehackernews.com – Author: . Cybersecurity researchers are calling attention to a sophisticated social engineering campaign that’s targeting supply chain-critical manufacturing companies with an in-memory malware dubbed MixShell. The activity has been codenamed ZipLine by Check Point Research. show more ...
Source: thehackernews.com – Author: . A new large-scale campaign has been observed exploiting over 100 compromised WordPress sites to direct site visitors to fake CAPTCHA verification pages that employ the ClickFix social engineering tactic to deliver information stealers, ransomware, and cryptocurrency miners. show more ...
Source: www.cyberdefensemagazine.com – Author: Gary Driving through the quiet, endless beauty of the Nevada desert, I let the raspy voice of Jim Morrison carry me forward. “The End” played as the final song before I crossed into Las Vegas, a haunting yet strangely perfect soundtrack to mark the end of calm show more ...
Source: www.cyberdefensemagazine.com – Author: News team There’s a lot of noise around compliance. New regulations seem to pop up every year, each promising to fix the ever-growing list of security problems that come with the digital age. However, the EU’s Cyber Resilience Act (CRA) takes a different show more ...
Source: www.cyberdefensemagazine.com – Author: News team Cybersecurity has emerged as a critical and ongoing battle against a dynamic and pervasive global threat. The landscape is evolving rapidly, with adversaries increasingly gaining ground in this ongoing struggle. The frequency and severity of cyberattacks show more ...
Source: www.cyberdefensemagazine.com – Author: News team We live in an era where your next big idea could come from an employee working out of a cafe in Tokyo or on the beach in Bali. The digital nomad lifestyle has become more than a trend—it has transformed how we work. The onset of remote work offers show more ...
Source: www.cyberdefensemagazine.com – Author: News team Among the variety of cyber-attacks that we witness happening around us, Zero-day attacks are remarkably insidious in nature. Due to the fact that these attacks exploit the unknown vulnerabilities, zero-day attacks often inflict some form of damage show more ...
Source: news.sophos.com – Author: mindimcdowell This approach represents an evolution from threat actors abusing remote monitoring and management tools In August 2025, Counter Threat Unit™ (CTU) researchers investigated an intrusion that involved deployment of the legitimate open-source Velociraptor digital show more ...
Source: www.proofpoint.com – Author: 76% of CISOs anticipate a material cyberattack in the next year, with human risk and GenAI-driven data loss topping their concerns SUNNYVALE, Calif., August 26, 2025 – Proofpoint, Inc., a leading cybersecurity and compliance company today released its fifth annual Voice of show more ...
Source: securityaffairs.com – Author: Pierluigi Paganini Farmers Insurance suffered a breach tied to Salesforce attacks, exposing data of 1.1M customers across its nationwide insurance network. Farmers Insurance disclosed a data breach affecting 1,071,172 customers, linked to the recent wave of Salesforce show more ...
Source: securityaffairs.com – Author: Pierluigi Paganini Citrix addressed three vulnerabilities in NetScaler ADC and NetScaler Gateway, including one that has been actively exploited in the wild. Citrix addressed three security flaws (CVE-2025-7775, CVE-2025-7776, CVE-2025-8424) in NetScaler ADC and NetScaler show more ...
Source: securityaffairs.com – Author: Pierluigi Paganini French retailer Auchan suffered a data breach impacting hundreds of thousands of customers, with personal information stolen. French retailer Auchan suffered a data breach that impacted hundreds of thousands of customers, resulting in the theft of show more ...
Source: securityaffairs.com – Author: Pierluigi Paganini U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Citrix Session Recording, and Git flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Citrix Session Recording, show more ...
Source: securityboulevard.com – Author: Michael Vizard Broadcom today added a slew of cybersecurity updates, including a technology preview of an update to VMware vDefend that secures communications between artificial intelligence (AI) agents, promising to improve overall resiliency and automate compliance show more ...
Source: securityboulevard.com – Author: Matthew Rosenquist Microsoft recently introduced a new framework designed to assess the security of AI models. It’s always encouraging to see developers weaving cybersecurity considerations into the design and deployment of emerging, disruptive technologies. Stronger show more ...
Source: securityboulevard.com – Author: Scott Caveza Citrix has released patches to address a zero-day remote code execution vulnerability in NetScaler ADC and NetScaler Gateway that has been exploited. Organizations are urged to patch immediately. Background On August 26, Citrix published a security advisory show more ...
Source: www.techrepublic.com – Author: Aminu Abdullahi We may earn from vendors via affiliate links or sponsorships. This might affect product placement on our site, but not the content of our reviews. See our Terms of Use for details. Hackers are using fake voicemails and purchase orders to spread UpCrypter show more ...
Source: securelist.com – Author: Alexander Kolesnikov Vulnerability registrations in Q2 2025 proved to be quite dynamic. Vulnerabilities that were published impact the security of nearly every computer subsystem: UEFI, drivers, operating systems, browsers, as well as user and web applications. Based on our show more ...
Source: thehackernews.com – Author: . A widespread data theft campaign has allowed hackers to breach sales automation platform Salesloft to steal OAuth and refresh tokens associated with the Drift artificial intelligence (AI) chat agent. The activity, assessed to be opportunistic in nature, has been attributed show more ...
Source: thehackernews.com – Author: . Cybersecurity researchers have discovered five distinct activity clusters linked to a persistent threat actor known as Blind Eagle between May 2024 and July 2025. These attacks, observed by Recorded Future Insikt Group, targeted various victims, but primarily within the show more ...
Source: grahamcluley.com – Author: Graham Cluley In episode 65 of The AI Fix, a pigeon gives a PowerPoint presentation, Mark plays Graham a song about the Transformer architecture, a robot dog delivers parcels, some robots fall over at the World Humanoid Robot Games, and Graham takes credit for one of show more ...
Source: www.bitdefender.com – Author: Graham Cluley South Korean authorities have announced the extradition from Thailand and arrest of a suspected hacker, believed to be the mastermind behind an organised campaign of attacks that stole millions of dollars worth of stocks from celebrities, including BTS singer show more ...
Source: grahamcluley.com – Author: Graham Cluley A 26-year-old hacker, who breached websites in North America, Yemen, and Israel, and stole the details of millions of people has been sent to prison. Al-Tahery Al-Mashriky was arrested in August 2022 by members of the National Crime Agency (NCA) in Rotherham, show more ...
Source: www.csoonline.com – Author: News Analysis Aug 27, 20255 mins CyberattacksData BreachIncident Response Increasing security spending after a cyber incident is falling out of fashion, as boards evolve their risk strategies, accept fate, and seek to embrace AI for relief, sending cyber leaders to look show more ...
Source: www.csoonline.com – Author: Government cutbacks, defunding of critical public resources, tariffs, and market uncertainty are impacting cybersecurity budgets. Here’s how you can do more with less. As a veteran CISO for state and local agencies, Orange County CISO Andrew Alipanah knows how to optimize show more ...
Source: www.csoonline.com – Author: Researchers continue to find vulnerabilities that dupe models into revealing sensitive information, indicating that security measures are still being bolted onto AI. A series of vulnerabilities recently revealed by several research labs indicate that, despite rigorous show more ...
Source: www.csoonline.com – Author: One of their goals was to access other credentials to compromise other environments. A threat actor managed to obtain Salesforce OAuth tokens from a third-party integration called Salesloft Drift and used the tokens to download large volumes of data from impacted Salesforce show more ...
