New Fooder loader and memory-only tactics suggest MuddyWater has evolved from its usual noisy ops to more stealthy espionage operations. ​The original article found on […]
Researchers Use Poetry to Jailbreak AI Models
When prompts were presented in poetic rather than prose form, attack success rates increased from 8% to 43%, on average — a fivefold increase. ​The […]
India Orders Messaging Apps to Work Only With Active SIM Cards to Prevent Fraud and Misuse
India’s Department of Telecommunications (DoT) has issued directions to app-based communication service providers to ensure that the platforms cannot be used without an active SIM […]
Malicious npm Package Uses Hidden Prompt and Script to Evade AI Security Tools
Cybersecurity researchers have disclosed details of an npm package that attempts to influence artificial intelligence (AI)-driven security scanners. The package in question is eslint-plugin-unicorn-ts-2, which […]
GlassWorm Returns with 24 Malicious Extensions Impersonating Popular Developer Tools
The supply chain campaign known as GlassWorm has once again reared its head, infiltrating both Microsoft Visual Studio Marketplace and Open VSX with 24 extensions […]
Researchers Capture Lazarus APT’s Remote-Worker Scheme Live on Camera
A joint investigation led by Mauro Eldritch, founder of BCA LTD, conducted together with threat-intel initiative NorthScan and ANY.RUN, a solution for interactive malware analysis […]
Newly discovered malicious extensions could be lurking in enterprise browsers
A sprawling surveillance campaign targeting Google Chrome and Microsoft Edge users is just the latest evolution of a seven-year-long project to distribute malicious browser extensions. […]
DPRK’s ‘Contagious Interview’ Spawns Malicious Npm Package Factory
North Korean attackers have delivered more than 197 malicious packages with 31K-plus downloads since Oct. 10, as part of ongoing state-sponsored activity to compromise software […]
Ukrainian Hackers Target Russian Aerospace and Defense Sectors
Multiple Ukrainian hacktivist groups have launched an extensive spearphishing campaign targeting Russia’s critical aerospace and defence industries, according to a new threat intelligence report by […]
nopCommerce Flaw Lets Attackers Access Accounts Using Captured Cookies
Security researchers have uncovered a serious vulnerability in nopCommerce, a popular open-source ecommerce platform used by major companies, including Microsoft, Volvo, and BMW. The flaw […]