The company said the threat actor abused its Claude Code service to “an unprecedented degree,” automating reconnaissance, intrusions, and credential harvesting. ​The original article found […]
Nevada’s State Agencies Shutter in Wake of Cyberattack
In response to a cyberattack that was first detected on Sunday, the governor shut down in-person services for state offices while restoration efforts are underway. […]
Critical Zip Slip Bug Enables Malicious File Manipulation on Unzip
Path traversal flaws like Zip Slip, which give hackers the ability to alter file systems while decompressing, remain a serious danger in the ever-changing world […]
‘ZipLine’ Phishers Flip Script as Victims Email First
“ZipLine” appears to be a sophisticated and carefully planned campaign that has already affected dozens of small, medium, and large organizations across multiple industry sectors. […]
Storm-0501 Exploits Entra ID to Exfiltrate and Delete Azure Data in Hybrid Cloud Attacks
The financially motivated threat actor known as Storm-0501 has been observed refining its tactics to conduct data exfiltration and extortion attacks targeting cloud environments. “Unlike […]
Google: Salesforce Attacks Stemmed From Third-Party App
A group tracked as UNC6395 engaged in “widespread data theft” via compromised OAuth tokens from a third-party app called Salesloft Drift. ​The original article found […]
China Hijacks Captive Portals to Spy on Asian Diplomats
The Mustang Panda APT is hijacking Google Chrome browsers when they attempt to connect to new networks and redirecting them to phishing sites. ​The original […]
Someone Created First AI-Powered Ransomware Using OpenAI’s gpt-oss:20b Model
Cybersecurity company ESET has disclosed that it discovered an artificial intelligence (AI)-powered ransomware variant codenamed PromptLock. Written in Golang, the newly identified strain uses the […]
Whistleblower: DOGE put Social Security database covering 300 million Americans on insecure cloud
The Elon Musk–founded Department of Government Efficiency (DOGE) uploaded to an insecure Amazon Web Services server a copy of Americans’ Social Security data, risking the […]
Cephalus Ransomware Exploits RDP for Initial Access in Latest Attack Campaign
Cybersecurity researchers at Huntress identified a novel ransomware variant dubbed Cephalus, deployed in two separate incidents targeting organizations lacking robust access controls. This emerging threat, […]