Flux RSS

Push Security has uncovered a new AiTM phishing campaign targeting TikTok for Business accounts using Google and TikTok themed login pages

Socket and Endor Labs discovered a new TeamPCP campaign leading to the delivery of credential-stealing malware

‘Q-Day’ and the cybersecurity problems it brings could come as early as 2029 as Google accelerates its post-quantum cryptography migration

The UK government has sanctioned Xinbi, described as “the second-largest illicit online marketplace ever”

World Leaks is a cyber extortion operation that steals sensitive data from organizations and threatens to leak it via the dark web if a ransom is not paid. Read more in my article on the Fortra blog.

Security researchers from Georgia Tech have observed a surge in reported CVEs for which the flaw was introduced by AI-generated code

Attackers rapidly exploited a critical Oracle WebLogic RCE flaw the same day exploit code was released, according to a CloudSEK honeypot study

EtherRAT hides C2 in Ethereum smart contracts via EtherHiding, steals wallets and credentials

PwC Annual Threat Dynamics report says AI-threats are the biggest concern of clients

OpenAI’s Safety Bug Bounty program seeks to address AI safety vulnerabilities beyond traditional security flaws

A disgruntled data analyst decides that the best response to losing his contract is to steal the entire company payroll database and demand $2.5 million in Bitcoin - signing his extortion emails from a company called "Loot." Meanwhile, two people drive up to the entrance of the UK's nuclear submarine base at Faslane and politely ask if they can have a look around. Tourists? Spies? Something in between? All this and more in episode 460 of the "Smashing Security" podcast with cybersecurity veteran Graham Cluley, and special guest Jenny Radcliffe.

Halcyon and Beazley Security track the return of Iranian ransomware group Pay2Key

The National Crime Agency has warned construction firms about surging invoice fraud

Cloud Android phones fuel financial fraud, evading detection and enabling dropper accounts

Cybersecurity company’s annual report issues warning over a “mass-marketed impersonation crisis” over attackers abusing legitimate credentials

The US Federal Communications Commission has placed all “consumer-grade” internet routers produced outside the US on its “covered list”

Python package LiteLLM compromised with credential-stealing malware linked to TeamPCP threat group

Expel has warned of malicious Chrome extensions stealing users’ AI conversations

A man has pleaded guilty to defrauding online music streaming platforms out of more than US $8 million, after creating hundreds of thousands of songs with AI, and then using bots to play them billions of times. Read more in my article on the Hot for Security blog.

UK police trumpet success of Operation Henhouse as they seize and freeze over £27m in suspected fraud proceeds