Tag: attack
-
Microsoft Research: AI Can Generate Realistic Command-Line and Process Telemetry
Tags: ai, attack, cloud, cyber, cybersecurity, data, detection, endpoint, incident response, intelligence, microsoft, risk, threatA new approach showing how artificial intelligence can generate highly realistic command-line data and process telemetry potentially transforming how security teams build and test threat detection systems. Logs and telemetry form modern cybersecurity risk, powering threat detection, incident response, and forensic investigations across endpoints and cloud environments. However, collecting high-quality attack telemetry remains a persistent…
-
ICO Publishes Five-Step Plan to Counter Emerging AI-Powered Attacks
The Information Commissioner’s Office has released new guidance on how to mitigate the risk of AI-powered attacks First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ico-steps-in-advice-handling-ai/
-
Palo Alto Networks bets on identity security for autonomous AI with Idira launch
Tags: ai, attack, business, ceo, ciso, cloud, credentials, cybersecurity, governance, identity, injection, intelligence, least-privilege, mfa, network, RedTeam, risk, soc, threat, tool, vulnerabilityCISOs navigate AI risks: For enterprises, the launch reflects a broader industry shift toward identity-centric cybersecurity models as organizations deploy generative AI tools, autonomous agents, and cloud-native applications at scale.Analysts say the growing number of non-human identities is creating operational and security challenges because many existing identity systems were originally built to manage employees and…
-
Most Organizations Now Use AI Agents for Sensitive Security Tasks
Semperis study finds 74% of organizations believe AI will increase attacks on identity infrastructure First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/most-organizations-ai-agents/
-
New Exim BDAT GnuTLS Vulnerability Enables Code Execution Attacks
A critical, stealthy vulnerability is lurking deep within Exim, the software powering a massive share of the world’s email infrastructure. Sitting exposed on the internet’s front lines, these message transfer agents are highly lucrative targets for ruthless threat actors. This newly unmasked memory corruption flaw arms attackers with the terrifying ability to remotely execute malicious…
-
West Pharmaceutical warns of ransomware attack impacting business operations
West Pharmaceutical Services filed a report with the Securities and Exchange Commission (SEC) on Monday evening warning customers that a hacker breached the company network on May 4, stole data and encrypted systems. First seen on therecord.media Jump to article: therecord.media/west-pharmaceutical-warns-of-ransomware-attack-impacting-operations
-
Mistral AI SDK, TanStack Router hit in npm software supply chain attack
Tags: ai, api, attack, breach, cloud, credentials, data, data-breach, exploit, github, kubernetes, malicious, malware, network, open-source, password, router, service, software, supply-chain, switch, vulnerabilitypull_request_target. This allows third-party workflows to run automatically, a way of avoiding maintainer approval fatigue, but means that the maintainer’s short-lived OIDC tokens become vulnerable to scraping.Armed with these tokens, the attacker were able to compromise the packages by injecting the malicious Mini Shai-Hulud malware, which propagated to other projects.The purpose is to steal developer…
-
AI-Built Zero-Day Nearly Powered Mass Attack
Google Says Criminals Used AI to Discover and Code Exploit. A cybercriminal group came close to launching a mass attack earlier this year, armed with a software exploit that an AI model had built from scratch, said Google researchers. Google said it worked with the affected vendor to patch the flaw before an attack could…
-
Google launches new Android security feature to help uncover spyware attacks
Intrusion Logging is a new part of Android’s Advanced Protection Mode, which aims to help protect human rights activists, journalists, and dissidents from government spyware attack and law enforcement forensic devices. First seen on techcrunch.com Jump to article: techcrunch.com/2026/05/12/google-launches-new-android-security-feature-to-help-uncover-spyware-attacks/
-
RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded
RubyGems, the standard package manager for the Ruby programming language, has temporarily paused account sign ups following what has been described as a “major malicious attack.””We’re dealing with a major malicious attack on Ruby Gems right now,” Maciej Mensfeld, senior product manager for software supply chain security at Mend.io, said in a post on X.…
-
Identity takes center stage as a leading factor in enterprise cyberattacks
A new report shows two-thirds of ransomware attacks began with an identity-related breach. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/identity-enterprise-cyberattacks-ai-ransomware/819977/
-
Stealthy hackers exploit cPanel flaw in active backdoor campaign (CVE-2026-41940)
Security researchers at XLab have outlined an active attack campaign targeting CVE-2026-41940, the recently disclosed vulnerability in cPanel WHM, and have linked it to … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/12/cpanel-vulnerability-exploited-backdoor-cve-2026-41940/
-
Zoom Rooms and Workplace Flaws Expose Users to Elevated Access Attacks
A newly disclosed batch of vulnerabilities in Zoom’s software suite could give attackers the leverage they need to hijack systems. Zoom has released critical security updates to patch three distinct flaws affecting its Windows and iOS applications. The most dangerous of these vulnerabilities allows authenticated attackers to elevate their system privileges, effectively turning a standard…
-
Cushman and Wakefield Confirms Data Breach Impacting Over 310,000 Accounts
Global real estate powerhouse Cushman & Wakefield is the latest casualty in an escalating war of corporate extortion. Following a tense >>pay or leak<< standoff, the notorious ShinyHunters threat syndicate has carried out its threat, dumping hundreds of thousands of corporate records online. This massive exposure highlights the growing danger of identity-based attacks targeting massive…
-
Shai Hulud attack ships signed malicious TanStack, Mistral npm packages
Hundreds of packages across npm and PyPI have been compromised in a new Shai-Hulud supply-chain campaign delivering credential-stealing malware targeting developers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/shai-hulud-attack-ships-signed-malicious-tanstack-mistral-npm-packages/
-
Open WebUI File Upload Vulnerability Enables 1-Click RCE Attack
A critical, unpatched vulnerability is actively threatening Open WebUI users, turning a simple profile picture upload into a gateway for complete system compromise. Security researchers have publicly disclosed a severe stored Cross-Site Scripting (XSS) flaw that enables 1-click Remote Code Execution (RCE) and full account hijacking. The security flaw resides in the profile image upload…
-
Developer workstations are the new beachhead
Tags: access, application-security, attack, authentication, cloud, container, control, credentials, edr, endpoint, exploit, github, group, Hardware, identity, incident response, infrastructure, malware, mfa, monitoring, network, software, supply-chain, threat, updateThe economics that drive the convergence: A typical developer workstation holds SSH keys, cloud provider credentials, container registry tokens, Git authentication tokens and CI/CD pipeline secrets. Many developers have administrative access to internal package registries and deployment infrastructure. Their machines often sit outside the hardened perimeter that security teams build around production systems.From an attacker’s…
-
WannaCry, the ransomware attack that changed the history of cybersecurity
WannaCry showed how unpatched flaws and leaked cyber tools can cripple global systems, reshaping cybersecurity defenses worldwide. In memory of the day the digital world was shaken, but learned to fight back. The WannaCry ransomware attack represents one of the most significant events in recent cybersecurity history, not only for its global scale but also…
-
Why patching SLAs should be the floor, not the strategy
SLAs measure discipline, not risk: Here’s the mental model I’ve been pushing with my peers. Think of patching SLAs the way you think of fire drills. Fire drills are necessary. They prove that, on a predictable cadence, your organization can execute a known procedure. No one in charge of a building full of people would…
-
Cline AI Agent Flaw Allows Attackers to Launch RCE Attacks
A critical security vulnerability in the Cline AI coding assistant’s kanban package exposes developers to remote code execution, data theft, and denial-of-service attacks by simply visiting a malicious website. Security researcher Sagilayani disclosed CVE-2026-44211 on GitHub four days ago, revealing that the kanban npm package bundled with the Cline CLI starts a WebSocket server on 127.0.0.1:3484 with zero Origin…
-
OpenAI’s Daybreak uses Codex Security to identify risky attack paths
OpenAI Daybreak is the company’s cybersecurity initiative focused on building AI-assisted software defense into the development process from the start. It combines OpenAI … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/12/openai-daybreak-openai-daybreak-vulnerability-validation-initiative/
-
Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages
TeamPCP, the threat actor behind the recent supply chain attack spree, has been linked to the compromise of the npm and PyPI packages from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI as part of a fresh Mini Shai-Hulud campaign.The affected npm packages have been modified to include an obfuscated JavaScript file (“router_init.js”) that’s designed…
-
Microsoft Warns: MistralAI PyPI Package Compromised with Malware
Mistral’s official Python client on PyPI has been pulled into the ongoing wave of AI supply”‘chain attacks, with Microsoft warning that version 2.4.6 of the mistralai package was backdoored to silently deploy a credential”‘stealing payload on Linux systems. The logic is designed to execute automatically whenever the package is imported, meaning developers simply using the library in…
-
BitUnlocker Downgrade Attack Bypasses Windows 11 Disk Encryption in Minutes
A proof-of-concept (PoC) exploit that demonstrates how attackers can bypass Windows 11 BitLocker disk encryption in under 5 minutes. Dubbed the >>BitUnlocker<< attack, this physical downgrade technique exploits a known vulnerability, CVE-2025-48804. Initially documented by the Microsoft STORM team in July 2025, the flaw exposes a critical weakness in how Secure Boot interacts with legacy…
-
Checkmarx Jenkins AST Plugin Compromised in KICS Supply Chain Attack
Supply chain campaign has now extended to Checkmarx’s Jenkins ecosystem, with attackers pushing a malicious Checkmarx Jenkins AST plugin to the official Jenkins Marketplace as part of the ongoing KICS/Trivy-linked compromise. The rogue release is identified as version 2026.5.09 and includes tampered plugin artifacts, while the last known-good Jenkins AST plugin build remains 2.0.13-829.vc72453fa_1c16, released…
-
Linux kernel maintainers suggest a ‘kill switch’ to protect systems until a zero-day vulnerability is patched
Tags: access, attack, business, control, cve, cybersecurity, exploit, flaw, group, incident response, infosec, linux, LLM, mitigation, risk, service, strategy, switch, technology, tool, update, vulnerability, zero-day), a logic bug which lets users easily obtain root access, and Dirty Frag, which abuses weaknesses in how the Linux kernel handles fragmented memory pages. The Dirty Frag attack combines two separate vulnerabilities affecting the Linux IPsec Encapsulating Security Payload (ESP) subsystem (CVE-2026-43284) and the RxRPC networking protocol (CVE-2026-43500). The proposal has set off a furious…