Also: Gas Station Monitoring Systems Under Attack, Spanish Teen Doxer Arrested This week, more happened than fits here: Microsoft tried to make nice with researchers, gas tank gauges under attack in t…
cyberintel.kalymoon.com · 8224 articles · updated every 4 hours · grows forever
Also: Gas Station Monitoring Systems Under Attack, Spanish Teen Doxer Arrested This week, more happened than fits here: Microsoft tried to make nice with researchers, gas tank gauges under attack in t…
Hackers are exploiting the excitement around AI coding tools by targeting users who search for Claude Code installation guides. An active campaign uses fake installer pages to silently steal credentia…
A new and rapidly spreading malware campaign is putting macOS users at serious risk. Threat actors are using Google Ads to push fake desktop applications that secretly install a powerful backdoor on i…
A self-replicating worm has been quietly spreading across the npm registry using a method most security teams do not watch for. Instead of hiding inside package.json scripts, the attacker weaponized a…
Hackers are creating convincing fake websites that impersonate popular security tools to trick users into downloading malware. Instead of obvious phishing pages, these sites look almost identical to r…
Gartner analysts issued a call to action to bolster defenses against several emerging critical threats, such as deepfakes and prompt injections.
One of the world's most diverse, least-focused cybercrime groups is enlarging its footprint beyond East Asia.
Like Shai-Hulud, the campaign targets developers to steal credentials and reuses them to propagate across the software supply channel.
A new Magecart campaign is using Stripe's API infrastructure to host the credit card-stealing payload and the data exfiltrated from checkout pages. [...]
The Windows version of the Hola Browser has been compromised in a supply chain attack that delivered an undeclared executable identified by researchers as a cryptocurrency miner. [...]
Brave has announced the public release of Brave Origin, a paid minimalist version of its browser that strips out cryptocurrency, AI, rewards, and other monetization-focused features. [...]
Canvas hack: Company pays criminals to delete students' stolen data BBC
Time for government, business leaders to figure out AI cybersecurity regulation Harvard Gazette
Does No Internet Also Mean No Water or Lights? The latest initiative from the U.S. cyber defense agency aimed at operational technology operators is a little bit different. It's not advice about how t…
Commission Proposes That Sensitive Public Data Should Be Kept Local The European Union's executive arm singled a strong dislike for U.S. cloud service provider participation in public-sector procureme…
Also: Former Hodlnaut CEO Charged and Stake DAO Hit by Exploit Every week, ISMG rounds up cybersecurity incidents in digital assets. This week, the U.S. sanctioned Iran's largest exchange, ex-Hodlnaut…
Hackers have been hijacking Instagram accounts at scale by exploiting Meta's AI support chatbot. And, as if that weren't bad enough, the technique required no technical skill whatsoever. Read more in …
A next-generation Anthropic model has surfaced in restricted testing channels, but early distribution was already compromised before the evaluation formally began. References to claude-oceanus-v1-p be…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about a critical remote code execution vulnerability affecting the Mirasvit Full Page Cache Warmer extensi…
A senior executive at a major global stock exchange had their Microsoft Outlook account silently compromised for five straight months, with attackers carefully siphoning emails in small batches to avo…
A newly discovered malware campaign called IronWorm has been silently targeting software developers through poisoned npm packages, stealing credentials, API keys, and even cryptocurrency wallet recove…
Critical Everest Forms Pro RCE flaw exploited to create rogue WordPress admin accounts
OpenAI has proposed mandatory federal evaluations of the most capable AI models before public release while arguing that regulators should stop short of deciding whether those systems can be deployed,…
Security researchers are warning of an issue with the default HTTP/2 configuration used by major web servers which reportedly survived more than a decade of human review before showing up in Codex-ass…