News
-
"Election Day is Close, the Threat of Cyber Disruption is Real"According to Fortinet's recent threat report, cybercriminals, hacktivists, and nation-state actors have threatened to disrupt or take advantage of the US election.
-
"New ConfusedPilot Attack Targets AI Systems with Data Poisoning"Researchers from the University of Texas at Austin's SPARK Lab have identified "ConfusedPilot," a new cyberattack that targets Retrieval-Augmented Generation (RAG)-based Artificial Intelligence (AI) systems such as Microsoft 365 Copilot.
-
"Researchers Uncover Hijack Loader Malware Using Stolen Code-Signing Certificates"A new malware campaign delivers "Hijack Loader" artifacts signed with legitimate code-signing certificates. Researchers at HarfangLab detected the activity, noting that the attack chains aim to deploy the "Lumma" infostealer.
-
"New CounterSEVeillance and TDXDown Attacks Target AMD and Intel TEEs"Intel and AMD have responded to security researchers' discoveries of new attack methods called "TDXDown" and "CounterSEVeillance" that target Trust Domain Extensions (TDX) and Secure Encrypted Virtualization (SEV) technology.
-
"New FASTCash Malware Linux Variant Helps Steal Money From ATMs"North Korean hackers are infecting financial institutions' payment switch systems with a new Linux variant of "FASTCash" to withdraw cash.
-
"Organizations Slow to Protect Doors Against Hackers: Researcher"Shawn Merdinger, a cybersecurity researcher, found that many organizations whose door access controllers he analyzed failed to protect them from hacker attacks.
-
"Volkswagen Says IT Infrastructure Not Affected After Ransomware Gang Claims Data Theft"The Volkswagen Group has recently made a public statement after a known ransomware group claimed to have stolen valuable information from the carmaker's systems.
-
"GitHub Patches Critical Vulnerability in Enterprise Server"Code hosting platform GitHub has recently released patches for a critical severity vulnerability in the GitHub Enterprise Server that could lead to unauthorized access to affected instances.
-
"Critical Vulnerability Patched in 101 Releases of WordPress Plugin Jetpack"Automattic recently announced patches for 101 versions of the popular WordPress security plugin Jetpack to resolve a critical severity vulnerability introduced in 2016.
-
"Splunk Enterprise Update Patches Remote Code Execution Vulnerabilities"Splunk recently announced fixes for 11 vulnerabilities in Splunk Enterprise, two of which are high-severity bugs leading to remote code execution on Windows systems.
-
"Skills Shortages Now a Top-Two Security Risk for SMBs"According to a new study by Sophos, a shortage of cybersecurity expertise and capacity in global SMBs is fueling talent burnout and creating new opportunities for threat actors.
-
"Eight Million Users Install 200+ Malicious Apps from Google Play"Between June 2023 and April 2024, security researchers at Zscaler discovered over 200 malicious apps on Google Play, which is nominally a safer platform for Android downloads than third-party app stores.