Tag: control
-
Microsoft Teams Relay Abused by Hackers to Hide Malicious Traffic
Tags: communications, control, cyber, exploit, hacker, infrastructure, malicious, microsoft, ransomware, threatMicrosoft Teams’ trusted infrastructure has been exploited by threat actors to secretly route malicious traffic, leading to a highly stealthy ransomware campaign attributed to the DragonForce group. Security researchers have discovered a novel technique in which attackers exploit Microsoft Teams’ TURN (Traversal Using Relays around NAT) servers to conceal command-and-control (C2) communications, making malicious activity…
-
Microsoft Teams Relay Abused by Hackers to Hide Malicious Traffic
Tags: communications, control, cyber, exploit, hacker, infrastructure, malicious, microsoft, ransomware, threatMicrosoft Teams’ trusted infrastructure has been exploited by threat actors to secretly route malicious traffic, leading to a highly stealthy ransomware campaign attributed to the DragonForce group. Security researchers have discovered a novel technique in which attackers exploit Microsoft Teams’ TURN (Traversal Using Relays around NAT) servers to conceal command-and-control (C2) communications, making malicious activity…
-
DragonForce Ransomware Exploited Microsoft Teams to Hide in Attack Against Major Company
Command and control traffic exploited a Teams visitor token to make malicious activity look legitimate to defenders First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/dragonforce-ransomware-hidden/
-
Ransomware gang abuses Microsoft Teams relays to hide malicious traffic
DragonForce ransomware used a custom malware named ‘Backdoor.Turn’ to hide command-and-control traffic inside Microsoft Teams relay infrastructure. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ransomware-gang-abuses-microsoft-teams-relays-to-hide-malicious-traffic/
-
Cybersecurity experts don’t think Anthropic’s Fable 5 presents a unique threat
Dozens of practitioners said the decision to place export controls on the foreign use of Fable are misguided, and recent jailbreak reports don’t show the model providing unique hacking capabilities. First seen on cyberscoop.com Jump to article: cyberscoop.com/cybersecurity-experts-anthropic-fable-5-not-unique-ai-threat/
-
Cybersecurity experts blast US government for restricting Anthropic’s AI models
Chief information security officers and prominent researchers called a recent export-control ban “dangerous.” First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/anthropic-us-government-export-ban-mythos-fable/822909/
-
Cybersecurity experts don’t think Anthropic’s Fable 5 presents a unique cybersecurity threat
Dozens of practitioners said the decision to place export controls on the foreign use of Fable are misguided, and recent jailbreak reports don’t show the model providing unique hacking capabilities. First seen on cyberscoop.com Jump to article: cyberscoop.com/cybersecurity-experts-anthropic-fable-5-not-unique-ai-threat/
-
Cybersecurity vets protest ‘dangerous’ US government ban on Anthropic’s most powerful models
A group made up of dozens of cybersecurity experts urged the White House to remove export control restrictions on Anthropic’s models Fable and Mythos, arguing that the order is going to limit the ability of cybersecurity defenders to secure their software and products. First seen on techcrunch.com Jump to article: techcrunch.com/2026/06/15/cybersecurity-vets-protest-dangerous-us-government-ban-on-anthropics-most-powerful-models/
-
1Password Buys Apono to Expand AI Access Governance
Buying New York Startup Adds Just-in-Time Authorization and Governance Controls. 1Password acquired access governance startup Apono to combine credential security, just-in-time authorization and intent-based access controls into a unified platform designed to govern humans, machines and AI agents while reducing risks tied to static permissions. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/1password-buys-apono-to-expand-ai-access-governance-a-31963
-
US Anthropic Export Controls Sparks Sharp EU Reaction
Decision to Restrict Access Exposes EU Dependency on US Made Models. The U.S. government’s decision to cut foreign nationals’ access to Anthropic’s most powerful AI models has sparked a massive increase in calls for Europe to reduce its reliance on American technology. Tech sovereignty has become a live topic in Europe. First seen on govinfosecurity.com…
-
US Cracks Down on Anthropic AI Models Amid Abuse Concerns
Anthropic abruptly suspended all access to Fable 5 and Mythos 5 after receiving an export control directive that banned foreign nationals from using the AI models. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/us-cracks-down-anthropic-ai-models-abuse-concerns
-
Popular WordPress Plugin Scripts Tampered to Plant Hidden Backdoors on Sites
An attacker tampered with trusted JavaScript files used by WordPress sites running PushEngage, OptinMonster, and TrustPulse, turning those files into a way to break into the sites.When a site administrator was logged in as the file loaded, the code created an admin account under the attacker’s control and installed a hidden plugin that opened a…
-
Onspring CISO on where automated GRC systems fall short
In this interview with Help Net Security, Nichole Windholz, CISO at Onspring, talks about the limits of automated GRC systems and continuous control monitoring. She explains … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/15/nichole-windholz-onspring-automated-grc-systems/
-
Anthropic disables new models after government calls them a national security concern
The Commerce Department’s expert control decree led to the company shutting off access to Fable 5 and Mythos 5 worldwide, drawing sharp criticism from researchers and industry analysts. First seen on cyberscoop.com Jump to article: cyberscoop.com/us-government-anthropic-fable-5-mythos-5-export-controls/
-
Anthropic disables new models after government calls them a national security concern
The Commerce Department’s expert control decree led to the company shutting off access to Fable 5 and Mythos 5 worldwide, drawing sharp criticism from researchers and industry analysts. First seen on cyberscoop.com Jump to article: cyberscoop.com/us-government-anthropic-fable-5-mythos-5-export-controls/
-
Chinese hackers hijack auth flow, spy on isolated network for a decade
Chinese hackers took control of a target organization’s authentication stack and maintained persistence for 10 years, with full visibility into the administrative activity. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/chinese-hackers-hijack-auth-flow-spy-on-isolated-network-for-a-decade/
-
Chinese hackers hijack auth flow, spy on isolated network for a decade
Chinese hackers took control of a target organization’s authentication stack and maintained persistence for 10 years, with full visibility into the administrative activity. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/chinese-hackers-hijack-auth-flow-spy-on-isolated-network-for-a-decade/
-
US Pulls the Plug on Anthropic’s Top AI Models
Export-Control Order Forces Shutdown of Fable 5, Mythos 5. Days after launch, Anthropic pulled Fable 5 and Mythos 5 worldwide after a U.S. export-control order barred access by foreign nationals. The company says officials provided no written evidence of the alleged security risk and said the precedent could disrupt frontier AI deployments. First seen on…
-
US Pulls the Plug on Anthropic’s Top AI Models
Export-Control Order Forces Shutdown of Fable 5, Mythos 5. Days after launch, Anthropic pulled Fable 5 and Mythos 5 worldwide after a U.S. export-control order barred access by foreign nationals. The company says officials provided no written evidence of the alleged security risk and said the precedent could disrupt frontier AI deployments. First seen on…
-
Anthropic Blocks Fable 5 and Mythos 5 Following U.S. National Security Directive
Anthropic has disabled all access to its Fable 5 and Mythos 5 artificial intelligence models following a sudden export-control directive from the United States government. Issued at 5:21 PM ET on June 13, 2026, the directive cited pressing national security concerns and strictly prohibited any foreign national from accessing the models. This restriction extends beyond…
-
ISMG Editors: Anthropic Unleashes Claude Mythos 5
Also: Identity as the New Control Plane, Healthcare’s AI Governance Challenge. In this week’s panel, four ISMG editors discussed Anthropic’s ambitious release of the Mythos and Fable 5 models, how cybersecurity teams are strengthening identity in complex cloud environments and the healthcare industry’s efforts to govern artificial intelligence responsibly. First seen on govinfosecurity.com Jump to…
-
ISACA Survey: AI Adoption Is Rising, Visibility Is Not
Governance Professionals Struggle to Measure ROI and Control AI Systems. AI is becoming embedded across the enterprise, yet many organizations still can’t quantify its value or answer key questions about oversight and control. ISACA’s latest AI Pulse Poll reveals persistent uncertainty about AI ROI, governance and operational readiness, said GRCIE CEO Jenai Marinkovic. First seen…
-
The Cyber Express Weekly Roundup: AI Security Controls, Major Patch Releases, Public Sector Audits, and Emerging Online Scams
Tags: ai, control, cyber, cybercrime, cybersecurity, governance, government, risk, risk-management, scam, technology, threat, update, vulnerabilityThis week’s cybersecurity developments highlight a growing emphasis on proactive security measures, governance oversight, and risk management across both public and private sectors. From large-scale vulnerability remediation efforts and AI security enhancements to government-led technology reviews and event-driven cybercrime campaigns, organizations continue to face a complex threat landscape. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/tce-weekly-roundup-cybersecurity-ai/
-
OnyxC2 Stealer Uses Cloudflare-Fronted C2 to Exfiltrate Browser Data and Credentials
A new commercial-grade information stealer, marketed as OnyxC2, surfaced on cybercrime forums in early 2026 and demonstrates how commodity malware is increasingly packaged as a full-service product. For $250 a month buyers receive a web-based control panel, a payload builder, tiered licensing, and even refund guarantees if a build is detected lowering the barrier for…
-
OnyxC2 Stealer Uses Cloudflare-Fronted C2 to Exfiltrate Browser Data and Credentials
A new commercial-grade information stealer, marketed as OnyxC2, surfaced on cybercrime forums in early 2026 and demonstrates how commodity malware is increasingly packaged as a full-service product. For $250 a month buyers receive a web-based control panel, a payload builder, tiered licensing, and even refund guarantees if a build is detected lowering the barrier for…
-
Hackers Use UAE-India Diplomatic Lure to Deliver SHEETCREEP RAT via Google Sheets
An active espionage campaign tracked as SHEETCREEP that leverages a UAE”‘India diplomatic-themed ISO lure to deliver a compact C# remote access trojan (RAT) and uses Google Sheets as its command-and-control (C2) channel. The ISO, named UAE-India_Strategic_Partnership_Week.iso, contains a deceptively iconized LNK file that launches a C# dropper. The dropper extracts a decoy PDF to temp,…
-
Researcher Uses AI to Hack Google, Earns $500,000 Bug Bounty
Tags: access, ai, api, attack, bug-bounty, control, cyber, flaw, framework, google, infrastructure, service, vulnerabilityResearcher Arvin Shivram has earned $500,000 in bug bounties from Google’s Vulnerability Reward Program (VRP) by deploying an AI-powered fuzzing framework against Google’s internal API infrastructure, uncovering critical access-control flaws across multiple high-impact services in under 3 months. The research began after Shivram was invited to bugSWAT Mexico in October 2025, which reignited his interest in Google’s attack surface. Recognizing that…
-
Researcher Uses AI to Hack Google, Earns $500,000 Bug Bounty
Tags: access, ai, api, attack, bug-bounty, control, cyber, flaw, framework, google, infrastructure, service, vulnerabilityResearcher Arvin Shivram has earned $500,000 in bug bounties from Google’s Vulnerability Reward Program (VRP) by deploying an AI-powered fuzzing framework against Google’s internal API infrastructure, uncovering critical access-control flaws across multiple high-impact services in under 3 months. The research began after Shivram was invited to bugSWAT Mexico in October 2025, which reignited his interest in Google’s attack surface. Recognizing that…
-
South Korea Drops a $409M Fine on Coupang in Historic Data Breach Ruling
South Korea fined Coupang $409 million after regulators said weak security controls led to a massive breach affecting 37.5 million accounts. The post South Korea Drops a $409M Fine on Coupang in Historic Data Breach Ruling appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-coupang-record-fine-409m-apac-south-korea/
-
The Hidden Security Risks of Poor Software Testing
Poor Software Testing can expose hidden flaws, vulnerable dependencies and weak controls, increasing breach risks, downtime and costly fixes after release. First seen on hackread.com Jump to article: hackread.com/the-hidden-security-risks-of-poor-software-testing/