Tag: attack
-
Check Point links VPN zero-day attacks to Qilin ransomware gang
Israeli cybersecurity company Check Point has released security updates to patch a critical flaw affecting Remote Access VPN and Mobile Access deployments, which was exploited in zero-day attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/check-point-links-vpn-zero-day-attacks-to-qilin-ransomware-gang/
-
Infosecurity Europe 2026: AI turbo-charging cyber crime and response
AI is accelerating cyber attacks by criminals and hostile states, with attackers faster, more persistent and increasingly collaborative, say experts speaking at Infosecurity Europe 2026 First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366643943/Infosecurity-Europe-2026-AI-turbo-charging-cyber-crime-and-response
-
VS Code Adds 2-Hour Extension Auto-Update Delay to Limit Supply Chain Attacks
Microsoft has announced that Visual Studio Code (VS Code) will apply a two-hour delay before extensions for the integrated development environment (IDE) are updated automatically to a newer version in an attempt to tackle software supply chain threats. “When automatic updates are enabled, new versions are auto-updated two hours after they are published, adding an extra…
-
When attacks spread too far: Lessons from real cyber attack case studies
In this Help Net Security video, Michael Adjei, Director, Systems Engineering at Illumio, explains three real world cyber attacks and what went wrong during detection. Adjei … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/08/cyber-attack-case-studies-video/
-
Hackers Exploit Claude Code MCP Traffic to Hijack OAuth Authentication Tokens
Threat researchers have uncovered a novel man-in-the-middle (MitM) attack chain targeting Anthropic’s Claude Code ecosystem, where adversaries hijack Model Context Protocol (MCP) traffic to steal OAuth authentication tokens and persist access to enterprise SaaS platforms. The technique, detailed by Mitiga, abuses weak protections around the local Claude Code configuration file (~/.claude.json), effectively turning it into…
-
New ChatGPT Lockdown Mode Aims to Block Prompt Injection and Data Exfiltration Attacks
OpenAI this week introduced Lockdown Mode, a security-focused setting for ChatGPT designed to reduce the risk of data exfiltration from prompt-injection attacks. The feature is rolling out to eligible personal accounts (Free, Go, Plus, Pro) and self-serve ChatGPT Business workspaces, and managed-workspace administrators can assign a Lockdown Mode role to members. Prompt injection is a…
-
Top 10 Best Software Composition Analysis (SCA) Tools for Security Teams in 2026
The complexity of modern software development requires security to be deeply embedded within the engineering pipeline rather than treated as an afterthought. With modern applications consisting of over 80% open-source components, the attack surface has shifted drastically. Whether you are managing extensive codebases or integrating third-party APIs, catching flaws before code is compiled is crucial.…
-
Automated Reconnaissance Is Reshaping Cyber Risk
A Telegram bot can turn a single email address into a detailed victim profile, making targeted attacks easier for cybercriminals. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/automated-reconnaissance-is-reshaping-cyber-risk/
-
OpenAI unveils Lockdown Mode to protect sensitive data from prompt injection attacks
Even with Lockdown Mode, ChatGPT could still be vulnerable to prompt injections, but the goal is to reduce the likelihood that sensitive data gets shared in the process. First seen on techcrunch.com Jump to article: techcrunch.com/2026/06/06/openai-unveils-lockdown-mode-to-protect-sensitive-data-from-prompt-injection-attacks/
-
‘Immediate national priority’: ministers accused of complacency over UK food supply
Cold storage and logistics body warns food supplies at risk from fuel shortages, cyber attacks and extreme weather. Ministers have been accused of being complacent about the risks to vital supplies of food into the UK amid concerns over fuel shortages, cyber attacks and extreme weather. The trade body for cold storage and logistics has urged the…
-
Malspam Campaign Abuses DoubleClick to Deploy Stealthy .NET Loader
A sophisticated new malspam campaign is actively exploiting Google’s DoubleClick ad-tracking infrastructure to bypass enterprise email security gateways. Discovered by researchers at Huntress, the attack utilizes highly personalized dynamic lures to initiate a complex, five-stage infection chain that actively dismantles local defenses before deploying process-hollowed payloads. The attack chain begins with a malicious HTML attachment,…
-
Microsoft Fixes One-Click GitHub Dev Attack That Let Attackers Steal OAuth Tokens
Cybersecurity researchers have disclosed a one-click attack via Microsoft Visual Studio Code (VS Code) that makes it possible to steal a user’s GitHub token. “Just by clicking a link, it’s possible for an attacker to steal a GitHub token that can read and write to your repos, including private ones,” security researcher Ammar Askar said. GitHub supports…
-
Miasma Worm Hits 73 Microsoft GitHub Repositories in Major Supply Chain Attack
Microsoft’s GitHub repositories have become the latest to fall victim to the ongoing Miasma self-replicating supply chain attack campaign. The incident impacted 73 Microsoft repositories across four of its GitHub organizations, including Azure, Azure-Samples, Microsoft, and MicrosoftDocs, per OpenSourceMalware. The development has led GitHub to disable access to those repositories. “Access to this First seen on thehackernews.com Jump…
-
Hola browser supply chain attack delivers cryptocurrency miner
First seen on scworld.com Jump to article: www.scworld.com/brief/hola-browser-supply-chain-attack-delivers-cryptocurrency-miner
-
AI is shrinking the attack window. MSSPs need faster exposure decisions
First seen on scworld.com Jump to article: www.scworld.com/news/seemplicity-helps-security-teams-mssps-catch-up-with-ai-powered-attackers
-
Exposed Fuel Tank Gauges Under Attack in the US
Threat actors are taking advantage of Internet-exposed tank gauges by breaching gas stations, opening the door to disruption. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/exposed-fuel-tank-gauges-attack-us
-
Six protobuf.js Vulnerabilities Expose RCE and DoS Risks
Six protobuf.js vulnerabilities could enable RCE, DoS attacks, and software supply chain compromise across enterprise environments. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/six-protobuf-js-vulnerabilities-expose-rce-and-dos-risks/
-
IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks
Multiple software supply chain attacks have hit the npm ecosystem, with threat actors using both malicious and poisoned versions of over 50 legitimate packages to distribute a Rust-based information stealer and a self-spreading worm, respectively. According to JFrog, the information stealer “scrapes every secret it can find on a developer’s machine, hides behind an eBPF kernel…
-
Silent Ransom Group (SRG): Switching To DNS Fast Flux Infrastructure
Tags: attack, cybersecurity, data-breach, dns, group, infrastructure, intelligence, law, malicious, network, ransom. Researchers exposed the Silent Ransom Group’s Fast Flux infrastructure as the FBI warns of ongoing attacks targeting U.S. law firms and businesses. Resecurity uncovered the Silent Ransom Group (SRG)’s Fast Flux network infrastructure and shares available intelligence with the cybersecurity community to disrupt their malicious activities and enable ISP/DNS providers to counter this threat.…
-
Android Spyware Asin Targets Arabic Users via Fake News, PDF and War Map Apps
Arabic-speaking users have emerged as the target of a new Android spyware codenamed Asin, according to findings from ESET. The Slovakian cybersecurity company said it first detected the malware spread via multiple campaigns in early 2025, with each attack wave making use of distinct websites mimicking utilities, war-related updates, and a government news source: govlens[.]net, which…
-
Over 900 US gas station tank gauge systems exposed to attacks
Over 900 automatic tank gauge (ATG) systems across the United States, used to monitor fuel and chemical storage tanks across various critical infrastructure sectors, have been found exposed online and are vulnerable to ongoing attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/over-900-us-gas-station-tank-gauge-systems-exposed-to-attacks/
-
What 2026 DBIR Confirms: Attacks Are Living in the Browser
Phishing, shadow AI, malicious extensions, and credential theft increasingly happen inside the browser. Keep Aware explains what the 2026 Verizon DBIR reveals about browser-layer security gaps and modern attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/what-2026-dbir-confirms-attacks-are-living-in-the-browser/
-
New Magecart Attack Abuses Stripe as Malware C2
A novel Magecart campaign weaponizes legitimate cloud services to evade detection: attackers are storing a JavaScript skimmer inside Stripe customer metadata and delivering it to victim checkouts via Google Tag Manager. The combination makes Stripe both the command server for arbitrary code and the durable exfiltration sink for stolen card data, using domains (googletagmanager.com…
-
The Cyber Express Weekly Roundup: Cloud Extortion, Long-Term Espionage, Android Zero-Days, and Public Sector Security Reviews
The cybersecurity landscape in this weekly roundup continues to show a clear shift toward identity-driven attacks, long-term persistence operations, and exploitation of trusted cloud environments. Threat actors are increasingly focusing on stealing credentials, abusing administrative access, and leveraging legitimate platforms to scale impact across organizations. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/tce-weekly-roundup-extortion-android-cloud/
-
Attackers obtained encrypted password vaults from some Dashlane user accounts
Dashlane has disclosed new details about a brute-force attack that let a threat actor access some customer accounts and copy encrypted vaults. Dashlane said it found no … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/05/dashlane-brute-force-attack-vaults-customer-accounts/
-
Fake Context Alignment: The Attack That Made Gemini Obey Strangers Through Your Notifications
SafeBreach tricked Gemini into obeying attackers via WhatsApp notifications, using hidden foreign-language text to bypass Google’s defenses and control smart home devices. SafeBreach Labs researcher Or Yair spent months trying to break Google’s Gemini voice assistant after Google patched the vulnerabilities he found in his previous research. The new attack class he developed, named Fake…

