-
"New Specula Tool Uses Outlook for Remote Code Execution in Windows"The new red team post-exploitation framework "Specula," released by the cybersecurity company TrustedSec, uses Microsoft Outlook as a Command-and-Control (C2) beacon for Remote Code Execution (RCE).
-
"Microsoft Says Ransomware Gangs Exploiting Just-Patched VMware ESXi Flaw"According to Microsoft's threat intelligence team, ransomware groups are exploiting a critical vulnerability in ESXi hypervisors to gain full administrative access on domain-joined systems less than a week after VMware shipped patches for the fla
-
"Average Data Breach Cost Jumps to $4.88 Million, Collateral Damage Increased"IBM released its annual "Cost of a Data Breach Report," which revealed that the global average cost of a data breach hit $4.88 million in 2024, as breaches become more disruptive and place additional demands on cyber teams.
-
"Stolen GenAI Accounts Flood Dark Web With 400 Daily Listings"Cybercriminals are selling stolen Generative Artificial Intelligence (GenAI) platform account credentials on underground markets.
-
"Proofpoint Email Routing Flaw Exploited to Send Millions of Spoofed Phishing Emails"In a massive scam campaign dubbed "EchoSpoofing" by Guardio Labs, an unknown threat actor has sent millions of messages spoofing Best Buy, IBM, Nike, Walt Disney, and other popular companies by exploiting an email routing misconfiguration in email secu
-
"Department of Commerce Announces New Guidance, Tools 270 Days Following President Biden's Executive Order on AI"On the 270th day after President Biden's Executive Order (EO) on the Safe, Secure, and Trustworthy Development of Artificial Intelligence (AI), the US Department of Commerce announced the release of new guidance and software to help improve the safety,
-
"Microsoft 365 Users Targeted by Phishers Abusing Microsoft Forms"Phishing campaigns involving Microsoft Forms have increased to steal Microsoft 365 login credentials. Threat actors use breached business partners' and vendors' email accounts to send phishing emails.
-
"Millions of Websites Susceptible XSS Attack via OAuth Implementation Flaw"Researchers at Salt Labs have discovered and published details of a Cross-Site Scripting (XSS) attack that could affect millions of websites worldwide.
-
"Misconfigured Selenium Grid Servers Abused for Monero Mining"Threat actors are abusing a Selenium Grid misconfiguration to deploy a modified XMRig tool for Monero cryptocurrency mining.
-
"PKfail Vulnerability Allows Secure Boot Bypass on Hundreds of Computer Models"According to Binarly, there is a Secure Boot issue affecting hundreds of computer models. The vulnerability, called "PKfail," enables attackers to run malicious code during the device's boot process.
-
"FraudGPT and Other Malicious AIs Are the New Frontier of Online Threats. What Can We Do?"Researchers at Monash University give their insights on the rise of dark Large Language Models (LLMs), what we can do to protect ourselves, and the role of government in regards to regulations on Artificial Intelligence (AI).
-
"Researchers Improve Method to Discover Anomalies in Data"Washington State University researchers have developed an algorithm that improves upon discovering data anomalies, including in streaming data.
News