Sat.Jun 14, 2025 - Fri.Jun 20, 2025

article thumbnail

Guardrails Breached: The New Reality of GenAI-Driven Attacks

Lohrman on Security

From vibe hacking to malware development to deepfakes, bad actors are discovering more vulnerabilities to attack generative AI tools while also using AI to launch cyber attacks.

article thumbnail

Malicious PyPI Package Masquerades as Chimera Module to Steal AWS, CI/CD, and macOS Data

The Hacker News

Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that's capable of harvesting sensitive developer-related information, such as credentials, configuration data, and environment variables, among others.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Publish your threat model!

Adam Shostack

We think you should publish your threat model, and we’re publishing our arguments. At ThreatModCon, I gave a talk titled “Publish Your Threat Model!” In it, I discussed work that Loren Kohnfelder and I have been doing to explore the idea, and today I want to share the slides and an essay form of the idea. We invite comments on the essay form, which is the most fleshed out.

Risk 130
article thumbnail

Output-driven SIEM — 13 years later

Anton on Security

Output-driven SIEM — 13 years later Output-driven SIEM! Apart from EDR and SOC visibility triad , this is probably my most known “invention” even though I was very clear that I stole this from the Vigilant crew back in 2011. Anyhow, I asked this question on X the other day: So, what year is this? Let me see … 2025! Anyhow, get a time machine, we are flying to 2012…. whooosh…. … we landed … no dinosaurs in sight so we didn’t screw the time settings.

article thumbnail

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

article thumbnail

Where AI Provides Value

Schneier on Security

If you’ve worried that AI might take your job, deprive you of your livelihood, or maybe even replace your role in society, it probably feels good to see the latest AI tools fail spectacularly. If AI recommends glue as a pizza topping , then you’re safe for another day. But the fact remains that AI already has definite advantages over even the most skilled humans, and knowing where these advantages arise—and where they don’t—will be key to adapting to the AI-infused

article thumbnail

Palo Alto Networks fixed multiple privilege escalation flaws

Security Affairs

Palo Alto Networks addressed multiple vulnerabilities and included the latest Chrome patches in its solutions. Palo Alto Networks fixed seven privilege escalation vulnerabilities and integrated the latest Chrome security patches into its products. Palo Alto applied 11 Chrome fixes and patched CVE-2025-4233, a cache vulnerability impacting the Prisma Access Browser.

LifeWorks

More Trending

article thumbnail

Guardrails Breached: The New Reality of GenAI-Driven Attacks

Security Boulevard

From vibe hacking to malware development to deepfakes, bad actors are discovering more vulnerabilities to attack generative AI tools while also using AI to launch cyber attacks. The post Guardrails Breached: The New Reality of GenAI-Driven Attacks appeared first on Security Boulevard.

article thumbnail

Critical Langflow Vulnerability (CVE-2025-3248) Actively Exploited to Deliver Flodrix Botnet

Trend Micro

This blog uncovers an active campaign exploiting CVE-2025-3248 in Langflow versions before 1.3.0 that deploys the Flodrix botnet, enabling threat actors to achieve full system compromise, initiate DDoS attacks, and potentially exfiltrate sensitive data.

DDOS 87
article thumbnail

Canada’s second-largest airline WestJet is containing a cyberattack

Security Affairs

Canada’s airline WestJet has suffered a cyberattack that impactd access to some internal systems and the company app. WestJet is a Canadian airline that operates both domestic and international flights. Founded in 1996, it started as a low-cost carrier and has grown to become Canada’s second-largest airline, after Air Canada. WestJet is investigating a cybersecurity incident impacting some of its internal systems and mobile app, which has blocked access for several users.

article thumbnail

CVE-2025-49596: Critical RCE Vulnerability in MCP Inspector Exposes AI Developer Environments

Penetration Testing

A critical flaw (CVE-2025-49596, CVSS 9.4) in MCP Inspector allows unauthenticated remote code execution, threatening AI application development environments.

article thumbnail

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

article thumbnail

Here's why network infrastructure is vital to maximizing your company's AI adoption

Zero Day

X Trending Miss out on Nintendo Switch 2 preorders? Here's how to buy one Nintendo Switch 2 revealed: Specs, pricing, release date (out now), and more official details The $700 Android phone that made me forget about my Pixel 9 Pro Best small business web hosting services of 2025 Memorial Day headphone sales 2025 Best Linux VPNs of 2025 Best online video editors of 2025 Best CRM software of 2025 Best small business CRM software of 2025 Best free website builders of 2025 Best website builder

article thumbnail

Google Warns of Scattered Spider Attacks Targeting IT Support Teams at U.S. Insurance Firms

The Hacker News

The notorious cybercrime group known as Scattered Spider (aka UNC3944) that recently targeted various U.K. and U.S. retailers has begun to target major insurance companies, according to Google Threat Intelligence Group (GTIG). "Google Threat Intelligence Group is now aware of multiple intrusions in the U.S.

76
article thumbnail

What Is Vulnerability Prioritization? A No-Fluff Playbook

Security Boulevard

Vulnerabilities, on their own, don’t mean much. You could be staring at thousands of scanner alerts every week, but unless you know which ones truly matter, you’re just reacting to. The post What Is Vulnerability Prioritization? A No-Fluff Playbook appeared first on Strobes Security. The post What Is Vulnerability Prioritization? A No-Fluff Playbook appeared first on Security Boulevard.

72
article thumbnail

Zyxel Firewalls Under Attack via Critical CVE-2023-28771

Penetration Testing

Zyxel firewalls are under a coordinated attack exploiting critical RCE flaw CVE-2023-28771 (CVSS 9.8) via UDP port 500, likely by Mirai botnets.

article thumbnail

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

article thumbnail

Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I’m speaking at the International Conference on Digital Trust, AI and the Future in Edinburgh, Scotland on Tuesday, June 24 at 4:00 PM. The list is maintained on this page.

159
159
article thumbnail

U.S. Seizes $7.74M in Crypto Tied to North Korea’s Global Fake IT Worker Network

The Hacker News

The U.S. Department of Justice (DoJ) said it has filed a civil forfeiture complaint in federal court that targets over $7.74 million in cryptocurrency, non-fungible tokens (NFTs), and other digital assets allegedly linked to a global IT worker scheme orchestrated by North Korea. "For years, North Korea has exploited global remote IT contracting and cryptocurrency ecosystems to evade U.S.

article thumbnail

Minnesota Shooting Suspect Allegedly Used Data Broker Sites to Find Targets’ Addresses

WIRED Threat Level

The shooter allegedly researched several “people search” sites in an attempt to target his victims, highlighting the potential dangers of widely available personal data.

80
article thumbnail

Windows Hello Update: Microsoft Disables Facial Recognition in the Dark Due to Security Flaw

Penetration Testing

Microsoft disabled Windows Hello facial recognition in dark environments on Windows 10/11 due to a security flaw that could allow local spoofing attacks.

83
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Clone, Compile, Compromise: Water Curse’s Open-Source Malware Trap on GitHub

Trend Micro

The Trend Micro™ Managed Detection and Response team uncovered a threat campaign orchestrated by an active group, Water Curse. The threat actor exploits GitHub, one of the most trusted platforms for open-source software, as a delivery channel for weaponized repositories.

Malware 85
article thumbnail

Anubis Ransomware Encrypts and Wipes Files, Making Recovery Impossible Even After Payment

The Hacker News

An emerging ransomware strain has been discovered incorporating capabilities to encrypt files as well as permanently erase them, a development that has been described as a "rare dual-threat.

article thumbnail

Attackers target Zyxel RCE vulnerability CVE-2023-28771

Security Affairs

GreyNoise researchers have observed exploit attempts targeting the remote code execution vulnerability CVE-2023-28771 in Zyxel devices. On June 16, GreyNoise researchers detected exploit attempts targeting CVE-2023-28771 (CVSS score 9.8), a remote code execution flaw impacting Zyxel IKE decoders over UDP port 500. “Exploitation attempts against CVE-2023-28771 were minimal throughout recent weeks.

article thumbnail

Team46 (TaxOff) Exploits Google Chrome Zero-Day (CVE-2025-2783) in Sophisticated Phishing Campaign

Penetration Testing

Team46 (TaxOff) is exploiting a Google Chrome sandbox escape zero-day (CVE-2025-2783) to deploy the multi-layered Trinper malware via phishing campaigns

article thumbnail

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

article thumbnail

Novel TokenBreak Attack Method Can Bypass LLM Security Features

Security Boulevard

Researchers with HiddenLayers uncovered a new vulnerability in LLMs called TokenBreak, which could enable an attacker to get around content moderation features in many models simply by adding a few characters to words in a prompt. The post Novel TokenBreak Attack Method Can Bypass LLM Security Features appeared first on Security Boulevard.

64
article thumbnail

Backups Are Under Attack: How to Protect Your Backups

The Hacker News

Ransomware has become a highly coordinated and pervasive threat, and traditional defenses are increasingly struggling to neutralize it. Today’s ransomware attacks initially target your last line of defense — your backup infrastructure. Before locking up your production environment, cybercriminals go after your backups to cripple your ability to recover, increasing the odds of a ransom payout.

61
article thumbnail

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 49

Security Affairs

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Supply chain attack hits Gluestack NPM packages with 960K weekly downloads Analysis of the latest Mirai wave exploiting TBK DVR devices with CVE-2024-3721 Destructive npm Packages Disguised as Utilities Enable Remote System Wipe AMOS Variant Distributed Via Clickfix In Spectrum-Themed Dynamic Delivery Campaign By Russian Speaking Hackers Demystifying Myth Stealer:

Malware 75
article thumbnail

Water Curse: GitHub Supply Chain Attack Spreads Malware via Fake Tools, Targets Devs & Gamers

Penetration Testing

Water Curse is using GitHub to distribute malicious open-source projects, weaponizing 76 accounts with multi-stage malware targeting developers, red teamers, and gamers.

Malware 67
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Protecting Against Origin Server DDoS Attacks

Security Boulevard

An origin server DDoS attack (sometimes referred to as direct-to-origin attack) is a technique used to bypass cloud-based DDoS protections – such as CDNs and WAFs – by targeting the origin server environment directly. Because the malicious traffic avoids the protective proxy layer, it hits the origin server unfiltered, potentially overwhelming systems that are not […] The post Protecting Against Origin Server DDoS Attacks appeared first on Security Boulevard.

DDOS 64
article thumbnail

Hard-Coded 'b' Password in Sitecore XP Sparks Major RCE Risk in Enterprise Deployments

The Hacker News

Cybersecurity researchers have disclosed three security flaws in the popular Sitecore Experience Platform (XP) that could be chained to achieve pre-authenticated remote code execution. Sitecore Experience Platform is an enterprise-oriented software that provides users with tools for content management, digital marketing, and analytics and reports.

60
article thumbnail

India-based car-sharing company Zoomcar suffered a data breach impacting 8.4M users

Security Affairs

Zoomcar disclosed a data breach impacting 8.4M users after attackers compromised its systems and contacted the company staff. Zoomcar is an India-based car-sharing and self-drive car rental company. Zoomcar discovered a data breach impacting 8.4M users after threat actors contacted the internal personnel claiming the compromise of internal systems. The company is investigating the security breach and has determined that the exposed information included names, contacts, and addresses.

article thumbnail

Two sslh Flaws Disclosed: Remote DoS Attacks Possible via Protocol Multiplexer

Penetration Testing

SUSE disclosed flaws in sslh (CVE-2025-46807, CVE-2025-46806) allowing remote DoS attacks via file descriptor exhaustion and unsafe memory access.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!