Cybersecurity researchers have discovered what has been described as the first-ever instance of a Model Context Protocol (MCP) server spotted in the wild, raising software […]
Microsoft Flags AI-Driven Phishing: LLM-Crafted SVG Files Outsmart Email Security
Microsoft is calling attention to a new phishing campaign primarily aimed at U.S.-based organizations that has likely utilized code generated using large language models (LLMs) […]
New Olymp Loader Malware-as-a-Service Promises Defender Bypass with Auto Certificate Signing
Olymp Loader, a newly emerged Malware-as-a-Service (MaaS) offering, has rapidly gained traction across underground forums and Telegram since its debut on June 5, 2025. Developed […]
Cybercriminals Exploit Facebook and Google Ads as Tools for Stealing Sensitive Data
Cybercriminals expand malvertising campaigns from Facebook to Google Ads and YouTube, hijacking accounts to distribute crypto-stealing malware targeting financial platform users worldwide. A sophisticated malvertising […]
Formbricks Signature Verification Flaw Lets Attackers Reset User Passwords
A critical vulnerability in the open source Formbricks experience management toolbox allows attackers to reset any user’s password without authorization. Published three days ago as advisory GHSA-7229-q9pv-j6p4 […]
Coherence: Insider risk strategy’s new core principle
I have been addressing insiders and insider risks for the better part of 40 years. Different names, same issue: Those breaking trust and those making […]
Agentic AI in IT security: Where expectations meet reality
Agentic AI has quickly shifted from lab demos to real-world security operations centers (SOC) deployments. Unlike traditional automation scripts, autonomous software agents are designed to […]
New ModStealer Evades Antivirus, Targets macOS Users to Steal Sensitive Data
A sophisticated new malware strain targeting macOS users has emerged, capable of bypassing traditional antivirus solutions while specifically targeting developers and cryptocurrency holders. The cross-platform […]
SUSE Rancher Flaws Allow Attackers to Lock Out Admin Accounts
A critical security vulnerability in SUSE Rancher Manager has been discovered that enables attackers with elevated privileges to lock out administrative accounts, potentially disrupting entire Kubernetes cluster […]
SVG Files Abused to Deploy PureMiner Malware and Exfiltrate Data
Cybercriminals are exploiting SVG files as an initial attack vector in a multi-stage campaign designed to impersonate Ukrainian government communications. FortiGuard Labs has uncovered a […]