Tag: attack
-
Vect 2.0 RaaS Expands Attacks Across Windows, Linux, and ESXi
Vect 2.0 Ransomware-as-a-Service (RaaS) operation is rapidly evolving into a multi-platform threat that can encrypt Windows, Linux, and VMware ESXi environments across modern hybrid infrastructures. The group runs a classic affiliate model, renting out its ransomware and TOR-based infrastructure to partners in exchange for a share of ransom payments. Its operators are strongly suspected to be…
-
WhatsApp’s encryption protects servers but leaves users exposed to client-side attacks
The use of encryption helps to secure WhatsApp’s infrastructure, but researchers at Black Hat Asia warn that the platform’s architecture is driving hackers to target user devices directly. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366642369/WhatsApps-encryption-protects-servers-but-leaves-users-exposed-to-client-side-attacks
-
New DHL Phishing Scam Uses 11-Step Attack Chain to Steal Passwords
Forcepoint’s X-Labs reports an 11-step DHL phishing scam that uses fake OTP codes and EmailJS to harvest user credentials and device telemetry. First seen on hackread.com Jump to article: hackread.com/dhl-phishing-scam-attack-chain-steal-passwords/
-
BlueNoroff Uses Fake Zoom Calls to Turn Victims Into Attack Lures
The North Korean group is using stolen victim videos, AI-generated avatars, and fake Zoom calls to scale malware attacks against cryptocurrency executives. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/bluenoroff-turns-victims-into-new-attack-lures
-
Paragon is not collaborating with Italian authorities probing spyware attacks, report says
Despite promising to help determine what happened with the hacks targeting journalists and activists in Italy, Israeli American spyware maker Paragon has reportedly not responded to authorities’ requests for information. First seen on techcrunch.com Jump to article: techcrunch.com/2026/04/28/paragon-is-not-collaborating-with-italian-authorities-probing-spyware-attacks-report-says/
-
Why Identity Attack Path Management Is Becoming Ever More Important Because of AI
Companies currently prioritise transparency over attack paths (43 %) and permission relationships (36 %) more highly than the integration of generative or agentic AI (40 %). First seen on infopoint-security.de Jump to article: www.infopoint-security.de/warum-identity-attack-path-management-durch-ki-immer-wichtiger-wird/a44809/
-
Hugging Face LeRobot Flaw Opens Door to Remote Code Execution Attacks
A critical remote code execution (RCE) vulnerability has been uncovered in Hugging Face’s LeRobot, a popular open-source robotics machine learning framework. Tracked as CVE-2026-25874, the flaw carries a maximum CVSS severity score of 9.8 and allows unauthenticated attackers to execute arbitrary system commands on affected servers. With over 21,500 stars on GitHub, LeRobot’s widespread adoption…
-
Critical Cursor bug could turn routine Git into RCE
Tags: ai, attack, cvss, flaw, malicious, nvd, penetration-testing, phishing, rce, remote-code-execution
Expanded attack surface with agentic IDEs: Novee warned that while traditional IDEs are passive, doing what developers explicitly tell them to do, Cursor’s AI agent interprets intent and autonomously decides which commands to run, which includes Git operations. And that’s where the problem lies. “In traditional pentesting, ‘client-side’ attacks targeting developer machines have always been a…
-
VECT: Ransomware by design, Wiper by accident
Key Takeaways
Background
VECT Ransomware is a Ransomware-as-a-Service (RaaS) program that made its first appearance in December 2025 on a Russian-language cybercrime forum. After claiming their first two victims in January 2026, the group got back into the public eye due to an announcement of a partnership with TeamPCP, the actor behind several supply-chain attacks…
-
6 Lessons Security Leaders Must Learn About AI and APIs
Most organizations treating AI security as a model problem are defending the wrong layer. Security teams filter prompts, patch jailbreaks, and tune model behavior, which is all necessary work, while the actual attack surface sits largely unexamined underneath. That surface is the API layer: the endpoints AI systems use to retrieve data, call tools, and…
-
GUEST ESSAY: How augmented reality (AR) can turn building images into ad space with no control
Every major building in America has three things: a physical address, a legal owner, and an unmonitored attack surface. Related: Sam Altman’s quest to usurp the browser. That surface extends from the ground up through every floor, every facade, and… (more…) First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/guest-essay-how-augmented-reality-ar-can-turn-building-images-into-ad-space-with-no-control/
-
Fake Tax Audits and Updates Fuel Silver Fox Malware Campaign
A China-linked threat group known as Silver Fox is running a new wave of cyber campaigns using fake tax audit notifications and software update lures to deliver malware across Asia. Active since at least 2022, the group initially focused on financially motivated attacks but, since 2024, has evolved into a dual-purpose operation combining cybercrime and…
-
Stopping AiTM attacks: The defenses that actually work after authentication succeeds
Tags: 2fa, access, attack, authentication, awareness, breach, communications, compliance, control, credentials, data, defense, detection, email, finance, framework, identity, incident response, login, mfa, microsoft, monitoring, nist, passkey, phishing, risk, service, threat, tool, training
The 3 controls that close the gap: Control #1: Bind sessions to managed devices. The most impactful single control for session security is requiring managed, compliant devices as a condition of accessing sensitive resources. When access policies, such as Microsoft Entra Conditional Access, require that the device presenting a session token is enrolled, managed and…
-
Sandworm Uses SSH-over-Tor Tunnel for Stealthy Long-Term Persistence
A significant evolution in Sandworm (APT-C-13) tradecraft has been revealed: the group is using SSH-over-Tor tunneling to achieve long-term, covert persistence inside targeted networks. Sandworm, also known as FROZENBARENTS, is a state-sponsored threat group active since 2014. It has consistently targeted government bodies, energy firms, and research institutions, focusing on intelligence collection. The attack begins with spear-phishing…
-
Chinese Silk Typhoon Hacker Extradited to U.S. Over COVID Research Cyberattacks
A Chinese national accused of being a member of the Silk Typhoon hacking group has been extradited to the U.S. from Italy. Xu Zewei, 34, was arrested in July 2025 by Italian authorities for his alleged links to the Chinese state-sponsored threat group and for orchestrating cyber attacks against American organizations and government agencies between…
-
Critical LiteLLM Flaw Enables Database Attacks Through SQL Injection
Tags: access, api, attack, authentication, cve, cyber, cybercrime, exploit, flaw, injection, sql, vulnerability
A critical pre-authentication SQL injection vulnerability, identified as CVE-2026-42208, has been discovered in the popular LiteLLM gateway, allowing attackers to access databases without credentials. Cybercriminals have already been observed exploiting this flaw to target high-value secrets such as API keys and provider credentials.
Overview of the Vulnerability
CVE-2026-42208 is a critical flaw in LiteLLM, an…
-
OilRig Hides C2 Config in Google Drive Image via LSB Steganography
APT-C-49 (OilRig), an Iranian state-sponsored advanced persistent threat group also known as APT34 and Helix Kitten, has deployed a sophisticated new attack campaign that conceals command-and-control configurations inside Google Drive images using LSB steganography. The group, which has been active since at least 2014, primarily targets government, energy, telecommunications, and financial sectors across the Middle…
-
Microsoft Patches Entra ID Role Flaw That Enabled Service Principal Takeover
An administrative role meant for artificial intelligence (AI) agents within Microsoft Entra ID could enable privilege escalation and identity takeover attacks, according to new findings from Silverfort. Agent ID Administrator is a privileged built-in role introduced by Microsoft as part of its agent identity platform to handle all aspects of an AI agent’s identity lifecycle operations…
-
Diagnostic Fatigue: Why the Visibility Industry Just Hit Its Limit
For more than a decade, cybersecurity has sold one product under a thousand names: visibility. SIEM for events. EDR for endpoints. ASM for the attack surface. CNAPP for the cloud. Exposure management for everything else. Every category promised the same thing: if we could just see enough, we would finally secure enough. The visibility industry…
-
Chinese national extradited to US for pandemic-era Silk Typhoon attacks
Xu Zewei was allegedly directed by China’s intelligence services to conduct a sweeping espionage campaign to steal data on COVID-19 research and other U.S. policy interests. First seen on cyberscoop.com Jump to article: cyberscoop.com/xu-zewei-extradited-china-national-silk-typhoon-hafnium/
-
Ongoing supply-chain attack ‘explicitly targeting’ security, dev tools
Vendor confirms repo data exposure after Lapsus$ claims source code, secrets dump First seen on theregister.com Jump to article: www.theregister.com/2026/04/27/supply_chain_campaign_targets_security/
-
Wireless Network Security: WEP, WPA, WPA2 WPA3 Explained in 2026
Wireless security is important for protecting wireless networks and services from unwanted attacks in 2026. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/trends/the-best-security-for-wireless-networks/
-
GlassWorm malware attacks return via 73 OpenVSX “sleeper” extensions
A new wave of the Glassworm campaign is targeting the OpenVSX ecosystem with 73 “sleeper” extensions that turn malicious after an update. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/glassworm-malware-attacks-return-via-73-openvsx-sleeper-extensions/
-
ADT Breach Exposes Data of 5.5 Million Customers, ShinyHunters Likely Behind Attack
The ShinyHunters extortion group is claiming responsibility for a breach of home and commercial security vendor ADT that exposed the data of 5.5 million customers. The attack appears to be part of a larger and ongoing vishing campaign being run by the prolific threat actors. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/adt-breach-exposes-data-of-5-5-million-customers-shinyhunters-likely-behind-attack/