Flux RSS

Anthropic accused DeepSeek, Moonshot and MiniMax of illicitly using Claude to steal some of the AI model’s capabilities

CrowdStrike Global Threat Report warns how adversaries are leveraging AI to make campaigns more efficient and more effective

Supply chain worm mimicking Shai-Hulud malware spread via malicious npm packages, targeting AI tools has been identified by security researchers

Sophisticated Python malware uncovered in fraud probe shows obfuscation, disposable infrastructure

A low-skilled Russian-speaking attacker has used GenAI tools to help deploy a successful attack workflow targeting FortiGate instances

Advantest, a Japanese specialist in testing computer chips for major semiconductor manufacturers, has deployed incident response protocols following a cybersecurity incident

A new FBI Flash alert claims $20m was lost to ATM jackpotting attacks in 2025 alone

University of Mississippi Medical Center is still scrambling to respond to a ransomware attack last Thursday

Spain's police force has announced that it has arrested a 20-year-old man who they claim managed to book luxury hotel rooms worth up to €1,000 a night for just one euro cent. Read more in my article on the Hot for Security blog.

DDoS attack frequency has risen to ‘alarming levels,’ warns Radware report

A new Android malware implant using Google Gemini to perform persistence tasks was discovered on VirusTotal and analyzed by ESET

New Remcos RAT variant enhances real-time surveillance and evasion techniques to compromise Windows

Fraud campaign exploiting Indonesia’s Coretax resulted in $1.5m to $2m in losses via malicious apps

Forescout paper reveals ICS advisories hit a record 508 in 2025

A new cybercriminal toolkit uses proxies to mimic popular online services and represents a “significant escalation in phishing infrastructure,” warn researchers at Abnormal

Four serious new vulnerabilities affect Microsoft Visual Studio Code, Cursor and Windsurf extensions, three of which remain unpatched

Endor Labs has published details of six new vulnerabilities in popular AI assistant OpenClaw

Could America turn off Europe's internet? That’s one of the questions that Graham and special guest James Ball will be exploring as they discuss tech sovereignty. Could Gmail, cloud services, and critical infrastructure really become geopolitical leverage? And is anyone actually building a Plan B? Plus we explore if Meta is quietly plotting to turn its smart glasses into face-recognising surveillance specs? With reports of internal memos suggesting they plan to launch controversial features while everyone’s distracted by political chaos, we ask: is this innovation really wanted by the public... or something far creepier? All of this, and much more, in episode 455 of the award-winning "Smashing Security" podcast with cybersecurity veteran Graham Cluley, joined this week by journalist and author James Ball.

Cryptojacking campaign used pirated software to deploy a persistent XMRig miner with stealth tactics

AIs like Grok and Microsoft Copilot can be exploited as covert C2 channels for malware communication