Mon.Feb 24, 2025

article thumbnail

More Research Showing AI Breaking the Rules

Schneier on Security

These researchers had LLMs play chess against better opponents. When they couldn’t win, they sometimes resorted to cheating. Researchers gave the models a seemingly impossible task: to win against Stockfish, which is one of the strongest chess engines in the world and a much better player than any human, or any of the AI models in the study. Researchers also gave the models what they call a “scratchpad:” a text box the AI could use to “think” before making its next

article thumbnail

The GitVenom campaign: cryptocurrency theft using GitHub

SecureList

In our modern world, it’s difficult to underestimate the impact that open-source code has on software development. Over the years, the global community has managed to publish a tremendous number of projects with freely accessible code that can be viewed and enhanced by anyone on the planet. Very frequently, code published on the Internet serves as a source of inspiration for software developers whenever they need to implement a project feature, they often check whether the code they need

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

A large botnet targets M365 accounts with password spraying attacks

Security Affairs

A botnet of 130,000+ devices is attacking Microsoft 365 accounts via password-spraying, bypassing MFA by exploiting basic authentication. SecurityScorecard researchers discovered a botnet of over 130,000 devices that is conducting password-spray attacks against Microsoft 365 (M365) accounts worldwide. The attackers targeted accounts protected with basic authentication bypassing multi-factor authentication.

Passwords 119
article thumbnail

A week in security (February 17 – February 23)

Malwarebytes

Last week on Malwarebytes Labs: Healthcare security lapses keep piling up SecTopRAT bundled in Chrome installer distributed via Google Ads Google Docs used by infostealer ACRStealer as part of attack DeepSeek found to be sharing user data with TikTok parent company ByteDance Malwarebytes introduces native ARM support for Windows devices Google now allows digital fingerprinting of its users Macs targeted by infostealers in new era of cyberthreats Hard drives containing sensitive medical data foun

article thumbnail

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

article thumbnail

SpyLend Android malware found on Google Play enabled financial cyber crime and extortion

Security Affairs

CYFIRMA researchers discovered that the SpyLend Android malware was downloaded 100,000 times from the official app store Google Play. CYFIRMA researchers discovered an Android malware, named SpyLend, which was distributed through Google Play as Finance Simplified. The malware targets Indian users with unauthorized loan apps, enabling predatory lending, blackmail, and extortion.

Malware 117
article thumbnail

$1.5B Hack of Bybit Might Be the Largest Crypto Heist Ever

Tech Republic Security

Get details about how this cryptocurrency heist happened, and what Bybits CEO has said about it.

LifeWorks

More Trending

article thumbnail

Biggest-Ever Crypto Heist: $1.5B Stolen from Bybit

ZoneAlarm

In a stunning development shaking the digital asset world, cyber criminals executed the largest crypto heist ever recorded by siphoning approximately $1.5 billion from Bybit. The unprecedented breach has raised serious concerns over cyber security, particularly regarding the integrity of cold wallet storage, while intensifying speculation about state-backed hacker groups.

article thumbnail

Leaked Black Basta Chats Expose Ransomware Secrets & Infighting

eSecurity Planet

Over 200,000 internal messages from the notorious ransomware group Black Basta have surfaced online exposing deep divisions, ransom negotiations, and internal dysfunction. The leak, spanning a years worth of communications, was posted online by an anonymous user, reportedly in retaliation for the groups attack on Russian financial institutions. Cybersecurity experts are now poring over the data, uncovering a rare inside look at how one of the most feared ransomware groups operates and potentia

article thumbnail

Google Cloud Takes Steps to Guard Against Quantum Security Risks

Security Boulevard

Google Cloud is putting quantum-safe digital signatures into its Key Management Service, the latest steps int the cloud giant's plans to adopt post-quantum cryptography through its portfolio to mitigate security risks that likely will come with the arrival of fault-tolerant quantum computers. The post Google Cloud Takes Steps to Guard Against Quantum Security Risks appeared first on Security Boulevard.

Risk 69
article thumbnail

Quantum Computing's Impact on Cybersecurity and the Road Ahead

SecureWorld News

Microsoft's latest breakthrough in quantum computing is a game-changer across industries, promising advancements in everything from pharmaceuticals to materials science. But what about cybersecurity? As we move closer to scalable quantum computing, we must consider both the offensive and defensive implications. While quantum power poses risks to traditional encryption, it also opens the door to revolutionary cybersecurity advancements that could redefine how we protect data, detect threats, and

article thumbnail

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

article thumbnail

Conducting Security Audits in Supply Chain Management

Security Boulevard

Cyberattacks against supply chains have risen recently, but many risks go unnoticed and unaddressed. As cybercrime grows, supply chain professionals must embrace regular security audits. The post Conducting Security Audits in Supply Chain Management appeared first on Security Boulevard.

article thumbnail

Why Gmail is replacing SMS codes with QR codes - and what it means for you

Zero Day

With SMS an unsecure method of authentication, Google is eyeing a more robust solution with QR codes.

article thumbnail

More Research Showing AI Breaking the Rules

Security Boulevard

These researchers had LLMs play chess against better opponents. When they couldnt win, they sometimes resorted to cheating. Researchers gave the models a seemingly impossible task: to win against Stockfish, which is one of the strongest chess engines in the world and a much better player than any human, or any of the AI models in the study. Researchers also gave the models what they call a scratchpad: a text box the AI could use to think before making its next move, providing researchers with a

article thumbnail

Security Roundup February 2025

BH Consulting

Curated advice, guidance, learning and trends in cybersecurity and privacy, as chosen by our consultants. The law’s long arm reaches wrongdoers Let’s start with some good news (for a change). Cybercriminals felt the heat from law enforcement last year, while ransomware payments fell. At the end of January, police forces from eight countries took down two of the worlds largest cybercrime forums.

article thumbnail

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

article thumbnail

This $300 Motorola has a better display and battery life than iPhone 16e - at half the price

Zero Day

The Moto G Power (2025) undercuts the competition with its 6.8-inch Full HD+ display and multi-day battery life.

131
131
article thumbnail

Australia Bans Kaspersky Software Over National Security and Espionage Concerns

The Hacker News

Australia has become the latest country to ban the installation of security software from Russian company Kaspersky, citing national security concerns. "After considering threat and risk analysis, I have determined that the use of Kaspersky Lab, Inc.

Software 121
article thumbnail

Need to download lots of Kindle books fast? The secret but risky trick that worked for me

Zero Day

Downloading your Kindle books one by one could take days. But with this clever step-by-step hack, you can grab 25 at a time and save your entire collection before Amazon locks it down this week.

Hacking 119
article thumbnail

Two Actively Exploited Security Flaws in Adobe and Oracle Products Flagged by CISA

The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws impacting Adobe ColdFusion and Oracle Agile Product Lifecycle Management (PLM) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities in question are listed below - CVE-2017-3066 (CVSS score: 9.

article thumbnail

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

article thumbnail

CVE-2025-27364 (CVSS 10): Remote Code Execution Flaw Found in MITRE Caldera, PoC Releases

Penetration Testing

A newly discovered vulnerability in MITRE Caldera, tracked as CVE-2025-27364, has been assigned a critical CVSS score of The post CVE-2025-27364 (CVSS 10): Remote Code Execution Flaw Found in MITRE Caldera, PoC Releases appeared first on Cybersecurity News.

article thumbnail

Google Cloud KMS Adds Quantum-Safe Digital Signatures to Defend Against Future Threats

The Hacker News

Google Cloud has announced quantum-safe digital signatures in Google Cloud Key Management Service (Cloud KMS) for software-based keys as a way to bulletproof encryption systems against the threat posed by cryptographically-relevant quantum computers.

article thumbnail

Inside the Telegram Groups Doxing Women for Their Facebook Posts

WIRED Threat Level

A WIRED investigation goes inside the Telegram groups targeting women who joined Are We Dating the Same Guy? groups on Facebook with doxing, harassment, and sharing of nonconsensual intimate images.

106
106
article thumbnail

FatalRAT Phishing Attacks Target APAC Industries Using Chinese Cloud Services

The Hacker News

Various industrial organizations in the Asia-Pacific (APAC) region have been targeted as part of phishing attacks designed to deliver a known malware called FatalRAT.

Phishing 102
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Zen is my new favorite browser - and these 5 mods make it even better

Zero Day

Zen Browser has become my default because it's an improved take on Firefox. One feature helps to make it stand out and that's Zen Mods. Here are the ones I use.

98
article thumbnail

CVE-2025-1128: Everest Forms Plugin Exposes 100,000+ WordPress Sites to Complete Takeover

Penetration Testing

A severe security vulnerability, tracked as CVE-2025-1128, has been uncovered in the popular WordPress plugin, Everest Forms, placing The post CVE-2025-1128: Everest Forms Plugin Exposes 100,000+ WordPress Sites to Complete Takeover appeared first on Cybersecurity News.

article thumbnail

Need a Windows 10 alternative or still miss XP? This Linux distro is for you - and it's free

Zero Day

Free10 is a repacking of the Q40S Linux distribution and it makes an outstanding option for anyone looking to migrate from Windows to Linux.

96
article thumbnail

Search Engine Manipulation Leads to Backdoored App Downloads

Penetration Testing

Threat hunters at Hunt.io have uncovered a widespread malware campaign targeting Chinese-speaking users by distributing backdoored versions of The post Search Engine Manipulation Leads to Backdoored App Downloads appeared first on Cybersecurity News.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Having trouble hearing whispery TV dialogue? I found 3 ways to fix that

Zero Day

A few simple adjustments can really improve how those whispering talk scenes sound.

96
article thumbnail

Becoming Ransomware Ready: Why Continuous Validation Is Your Best Defense

The Hacker News

Ransomware doesnt hit all at onceit slowly floods your defenses in stages. Like a ship subsumed with water, the attack starts quietly, below the surface, with subtle warning signs that are easy to miss. By the time encryption starts, its too late to stop the flood. Each stage of a ransomware attack offers a small window to detect and stop the threat before its too late.

article thumbnail

Texting while driving? AI traffic cameras are watching you in these 5 states

Zero Day

After successful trials in Europe, 'Heads Up' cameras are coming to more places in the US. Here's how they work.

92
article thumbnail

Critical Mattermost Flaws (CVE-2025-20051, CVE-2025-24490, CVE-2025-25279) Expose Systems to File Read and SQL Injection Attacks

Penetration Testing

Mattermost, an open-source platform for team communication and collaboration, has addressed three critical security vulnerabilities affecting its Boards The post Critical Mattermost Flaws (CVE-2025-20051, CVE-2025-24490, CVE-2025-25279) Expose Systems to File Read and SQL Injection Attacks appeared first on Cybersecurity News.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!