Tag: linkedin

Lack of isolation in agentic browsers resurfaces old vulnerabilities

Jan 13, 2026 7:02 PM

Tags: access, ai, api, attack, authentication, control, corporate, credentials, data, data-breach, defense, dns, email, exploit, finance, flaw, framework, github, google, hacker, healthcare, injection, Internet, leak, linkedin, LLM, malicious, mitigation, network, nvidia, organized, privacy, programming, risk, service, side-channel, threat, tool, training, unauthorized, update, vulnerability, xss

With browser-embedded AI agents, we’re essentially starting the security journey over again. We exploited a lack of isolation mechanisms in multiple agentic browsers to perform attacks ranging from the dissemination of false information to cross-site data leaks. These attacks, which are functionally similar to cross-site scripting (XSS) and cross-site request forgery (CSRF), resurface decades-old patterns…
Convincing LinkedIn comment-reply tactic used in new phishing

Jan 13, 2026 6:02 PM

Tags: linkedin, phishing, scam

Scammers are flooding LinkedIn posts with fake “reply” comments that appear to come from the platform, warning of bogus policy violations and urging users to click external links. Some even abuse LinkedIn’s official lnkd.in shortener, making the phishing attempts harder to spot. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/convincing-linkedin-comment-reply-tactic-used-in-new-phishing/
NIS2-Umsetzung: Neues BSI-Portal geht an den Start

Jan 8, 2026 2:01 PM

Tags: bsi, ceo, cloud, cyber, gartner, infrastructure, linkedin, nis-2, resilience, risk-analysis, risk-management, service, vulnerability

Unternehmen können sich ab sofort über das neue BSI-Portal als NIS2-Einrichtung registrieren und IT-Sicherheitsvorfälle melden.Seit Anfang Dezember gilt die EU-Sicherheitsrichtline NIS2 auch in Deutschland. Rund 29.500 Unternehmen sind dadurch verpflichtet, sich als NIS-2-Einrichtungen zu registrieren und dem Bundesamt für Sicherheit in der Informationstechnik (BSI) erhebliche Sicherheitsvorfälle zu melden. Vor diesem Hintergrund hat das BSI ein…
Top 10 Cybersecurity Predictions for 2026

Jan 1, 2026 10:52 AM

Tags: access, ai, api, application-security, attack, authentication, automation, awareness, backdoor, backup, best-practice, blockchain, breach, business, ceo, china, ciso, cloud, communications, compliance, computer, computing, conference, control, corporate, crypto, cryptography, cyber, cyberattack, cybercrime, cybersecurity, data, data-breach, deep-fake, defense, detection, disinformation, email, encryption, espionage, exploit, extortion, finance, fraud, governance, government, group, hacker, hacking, healthcare, identity, incident response, infrastructure, intelligence, Internet, iran, korea, law, linkedin, LLM, malicious, malware, mfa, military, monitoring, msp, mssp, network, nist, north-korea, organized, phishing, privacy, programming, ransom, ransomware, regulation, risk, risk-management, russia, scam, service, skills, soc, social-engineering, software, strategy, supply-chain, tactics, technology, theft, threat, tool, training, ukraine, update, vulnerability, vulnerability-management, warfare, windows, zero-day

Top 10 Cybersecurity Predictions for 2026 The year AI changes cybersecurity forever Cybersecurity predictions are an opportunity to look forward instead of back, to be proactive instead of reactive, and to consider how changes in attackers, technology, and the security industry will impact the sustainability of managing cyber risks. Gaining future insights to the threats, targets,…
Hackers exploit Microsoft OAuth device codes to hijack enterprise accounts

Dec 22, 2025 1:19 PM

Tags: access, attack, automation, awareness, breach, china, conference, credentials, cybercrime, data, email, espionage, exploit, finance, government, group, hacker, hacking, linkedin, malicious, microsoft, military, phishing, qr, russia, tactics, threat, tool, unauthorized

Tools of the trade: What’s driving the surge is the availability of tools that make these attacks easy to execute. Proofpoint identified two primary kits: SquarePhish2 and Graphish.SquarePhish2 is an updated version of a tool originally published by Dell Secureworks in 2022. It automates the OAuth Device Grant Authorization flow and integrates QR code functionality.The…
Hackers exploit Microsoft OAuth device codes to hijack enterprise accounts

Dec 22, 2025 1:19 PM

Tags: access, attack, automation, awareness, breach, china, conference, credentials, cybercrime, data, email, espionage, exploit, finance, government, group, hacker, hacking, linkedin, malicious, microsoft, military, phishing, qr, russia, tactics, threat, tool, unauthorized

Tools of the trade: What’s driving the surge is the availability of tools that make these attacks easy to execute. Proofpoint identified two primary kits: SquarePhish2 and Graphish.SquarePhish2 is an updated version of a tool originally published by Dell Secureworks in 2022. It automates the OAuth Device Grant Authorization flow and integrates QR code functionality.The…
The WAF must die some interesting thoughts FireTail Blog

Dec 19, 2025 4:19 PM

Tags: api, attack, authentication, control, firewall, Internet, linkedin, password, software, tool, unauthorized, vpn, waf

Dec 19, 2025 – Jeremy Snyder – A recent posting by Dr. Chase Cunningham from Ericom Software on LinkedIn took an interesting view on web application firewalls, most commonly known as a WAF. WAF’s Must Die Like the Password and VPN’s Here at FireTail.io, we are also not fans of a WAF. Why? We do…
Viele Daten aus LinkedIn – Ungeschützte Datenbank mit 4,3 Milliarden Datensätzen offengelegt

Dec 18, 2025 8:19 AM

Tags: linkedin

First seen on security-insider.de Jump to article: www.security-insider.de/ungeschuetzte-mongodb-datenbank-milliarden-datensaetze-entdeckt-a-6ce50b16a844e87e74568390f72c4900/
Viele Daten aus LinkedIn – Ungeschützte Datenbank mit 4,3 Milliarden Datensätzen offengelegt

Dec 18, 2025 8:19 AM

Tags: linkedin

First seen on security-insider.de Jump to article: www.security-insider.de/ungeschuetzte-mongodb-datenbank-milliarden-datensaetze-entdeckt-a-6ce50b16a844e87e74568390f72c4900/
4.3B LinkedIn-Style Records Found in One of the Largest Data Exposures Ever

Dec 16, 2025 5:19 PM

Tags: data, data-breach, identity, linkedin, phishing

An unsecured database exposed 4.3 billion LinkedIn-derived records, enabling large-scale phishing and identity-based attacks. The post 4.3B LinkedIn-Style Records Found in One of the Largest Data Exposures Ever appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-4-3-billion-linkedin-records-exposed/
4.3 Billion Records Exposed in Massive Lead-Generation Data Leak

Dec 15, 2025 8:19 PM

Tags: data, data-breach, identity, leak, linkedin, phishing

An unsecured database exposed 4.3 billion LinkedIn-derived records, enabling large-scale phishing and identity-based attacks. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/4-3-billion-records-exposed-in-massive-lead-generation-data-leak/
16TB of MongoDB Database Exposes 4.3 Billion Lead Gen Records

Dec 15, 2025 3:19 PM

Tags: cybersecurity, data, email, leak, linkedin, scam

Cybersecurity researchers discovered an unsecured 16TB database exposing 4.3 billion professional records, including names, emails, and LinkedIn data. Learn what happened, why this massive data leak enables new scams, and how to protect your PII. First seen on hackread.com Jump to article: hackread.com/mongodb-database-expose-lead-gen-records/
16TB of MongoDB Database Exposes 4.3 Billion Lead Gen Records

Dec 15, 2025 3:19 PM

Tags: cybersecurity, data, email, leak, linkedin, scam

Cybersecurity researchers discovered an unsecured 16TB database exposing 4.3 billion professional records, including names, emails, and LinkedIn data. Learn what happened, why this massive data leak enables new scams, and how to protect your PII. First seen on hackread.com Jump to article: hackread.com/mongodb-database-expose-lead-gen-records/
React Flaw Mitigation Leads to Cloudflare Outage

Dec 5, 2025 7:32 PM

Tags: firewall, flaw, linkedin, mitigation, network, waf

Outage Briefly Took Down Zoom, LinkedIn and Other Websites. Content delivery network giant Cloudflare is investigating a brief outage early Friday that took down multiple websites. The incident marks the second outage in the span of a month, although the causes are unrelated. It stemmed from how Cloudflare’s web application firewall parses requests. First seen…
Handala Hacker Group Targets Israeli High-Tech and Aerospace Professionals

Nov 27, 2025 3:49 PM

Tags: cyber, dark-web, data, group, hacker, linkedin, monitoring

A sophisticated cyber intimidation campaign by the Handala hacker group has targeted Israeli high-tech and aerospace professionals, publishing their personal information alongside aggressive, misleading descriptions that falsely label them as criminals. Security researchers monitoring dark web activity discovered the publication, which appears to rely primarily on data scraped from LinkedIn professional profiles. During ongoing dark…
OAuth token compromise hits Salesforce ecosystem again, Gainsight impacted

Nov 21, 2025 7:49 PM

Tags: access, ai, api, attack, authentication, breach, ceo, cisco, ciso, cloud, data, data-breach, exploit, extortion, gitlab, google, group, infrastructure, injection, intelligence, leak, linkedin, mandiant, metric, monitoring, risk, saas, supply-chain, theft, threat, tool, unauthorized, vulnerability

Google threat intelligence ties attack to ShinyHunters: The disclosure marks the latest chapter in an escalating pattern of attacks targeting OAuth tokens of trusted third-party SaaS integrations with Salesforce. According to Austin Larsen, principal threat analyst at Google Threat Intelligence Group, the campaign is tied to threat actors associated with ShinyHunters. This notorious extortion group…
OAuth token compromise hits Salesforce ecosystem again, Gainsight impacted

Nov 21, 2025 7:49 PM

Tags: access, ai, api, attack, authentication, breach, ceo, cisco, ciso, cloud, data, data-breach, exploit, extortion, gitlab, google, group, infrastructure, injection, intelligence, leak, linkedin, mandiant, metric, monitoring, risk, saas, supply-chain, theft, threat, tool, unauthorized, vulnerability

Google threat intelligence ties attack to ShinyHunters: The disclosure marks the latest chapter in an escalating pattern of attacks targeting OAuth tokens of trusted third-party SaaS integrations with Salesforce. According to Austin Larsen, principal threat analyst at Google Threat Intelligence Group, the campaign is tied to threat actors associated with ShinyHunters. This notorious extortion group…
Sneaky2FA phishing tool adds ability to insert legit-looking URLs

Nov 21, 2025 5:49 AM

Tags: access, ai, attack, awareness, breach, ciso, cloud, data, defense, detection, email, exploit, google, jobs, linkedin, malicious, malware, microsoft, phishing, risk, software, tactics, tool, training

A look at Sneaky2FA: Sneaky2FA operates through a full-featured bot on Telegram, says the report. Customers reportedly receive access to a licensed, obfuscated version of the source code and deploy it independently. This means they can customize it to their needs. On the other hand, the report notes, Sneaky2FA implementations can be reliably profiled and…
Sneaky2FA phishing tool adds ability to insert legit-looking URLs

Nov 21, 2025 5:49 AM

Tags: access, ai, attack, awareness, breach, ciso, cloud, data, defense, detection, email, exploit, google, jobs, linkedin, malicious, malware, microsoft, phishing, risk, software, tactics, tool, training

A look at Sneaky2FA: Sneaky2FA operates through a full-featured bot on Telegram, says the report. Customers reportedly receive access to a licensed, obfuscated version of the source code and deploy it independently. This means they can customize it to their needs. On the other hand, the report notes, Sneaky2FA implementations can be reliably profiled and…
ThreatsDay Bulletin: 0-Days, LinkedIn Spies, Crypto Crimes, IoT Flaws and New Malware Waves

Nov 20, 2025 2:49 PM

Tags: attack, crime, crimes, crypto, flaw, hacker, hacking, iot, linkedin, malware, zero-day

This week has been crazy in the world of hacking and online security. From Thailand to London to the US, we’ve seen arrests, spies at work, and big power moves online. Hackers are getting caught. Spies are getting better at their jobs. Even simple things like browser add-ons and smart home gadgets are being used…
LinkedIn Phishing: die neue Spielwiese der Betrüger

Nov 19, 2025 11:49 AM

Tags: linkedin, phishing

LinkedIn Phishing ist ein wachsendes Problem. Das Netzwerk wurde zu einem guten Einstiegspunkt, um betrügerische Nachrichten zu verschicken. First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/szene/linkedin-phishing-die-neue-spielwiese-der-betrueger-323192.html
China recruiting spies in the UK with fake headhunters and ‘sites like LinkedIn’

Nov 19, 2025 6:49 AM

Tags: china, linkedin

MI5 sounds the alarm about attempts to source sensitive information First seen on theregister.com Jump to article: www.theregister.com/2025/11/19/mi5_linkedin_china_spy_warning/
MI5 warns of Chinese spies using LinkedIn to gain intel on lawmakers

Nov 18, 2025 4:49 PM

Tags: china, linkedin

The alert identifies two specific LinkedIn profiles, featuring fake personas, that are being used by China’s Ministry of State Security in an attempt to build relationships in Westminster and gain intelligence. First seen on therecord.media Jump to article: therecord.media/mi5-warns-chinese-spies-using-linkedin-lawmakers
5 Reasons Why Attackers Are Phishing Over LinkedIn

Nov 17, 2025 2:49 PM

Tags: attack, email, linkedin, phishing, spear-phishing

Phishing attacks are no longer confined to the email inbox, with 1 in 3 phishing attacks now taking place over non-email channels like social media, search engines, and messaging apps.LinkedIn in particular has become a hotbed for phishing attacks, and for good reason. Attackers are running sophisticated spear-phishing attacks against company executives, with recent campaigns…
TDL 009 – Inside DNS Threat Intelligence: Privacy, Security Innovation

Nov 14, 2025 7:49 PM

Tags: access, apple, attack, automation, backup, best-practice, business, ceo, cisco, ciso, cloud, computer, control, corporate, country, crime, cybersecurity, data, dns, encryption, finance, firewall, government, infrastructure, intelligence, Internet, jobs, law, linkedin, malicious, marketplace, middle-east, monitoring, msp, network, office, privacy, regulation, risk, service, software, strategy, threat, tool, windows, zero-trust

Summary Inside DNS Threat Intelligence: Privacy, Security & Innovation In this episode of the Defenders Log, host David Redekop speaks with Tim Adams, the founder of the protective DNS resolver Scout DNS. Tim shares his origin story, explaining how he transitioned from a wireless network integrator to building his own DNS solution. He saw a…
Bundestag beschließt NIS2-Umsetzung

Nov 14, 2025 2:50 PM

Tags: backup, bsi, ciso, cloud, cyberattack, cyersecurity, germany, governance, Hardware, kritis, linkedin, nis-2, risk, risk-analysis, software, vulnerability-management

Ursprünglich hätte die EU-Richtlinie NIS2 bereits im Oktober 2024 in nationales Recht umgesetzt werden müssen. Der jetzt vom Bundestag beschlossene Gesetzesentwurf sorgt weiterhin für Gesprächsstoff. Der Bundestag hat den Gesetzesentwurf der Bundesregierung zur Umsetzung der NIS-2-Richtlinie am 13. November 2025 verabschiedet. Union, SPD und AfD stimmten dafür. Die Grünen, denen das Gesetzt nicht weit genug…
Copy-paste vulnerability hits AI inference frameworks at Meta, Nvidia, and Microsoft

Nov 14, 2025 1:49 PM

Tags: ai, authentication, cloud, data, data-breach, exploit, framework, google, infrastructure, Internet, linkedin, LLM, microsoft, nvidia, oracle, risk, vulnerability

Why this matters for AI infrastructure: The vulnerable inference servers form the backbone of many enterprise-grade AI stacks, processing sensitive prompts, model weights, and customer data. Oligo reported identifying thousands of exposed ZeroMQ sockets on the public internet, some tied to these inference clusters.If exploited, an attacker could execute arbitrary code on GPU clusters, escalate…
Copy-paste vulnerability hits AI inference frameworks at Meta, Nvidia, and Microsoft

Nov 14, 2025 1:49 PM

Tags: ai, authentication, cloud, data, data-breach, exploit, framework, google, infrastructure, Internet, linkedin, LLM, microsoft, nvidia, oracle, risk, vulnerability

Why this matters for AI infrastructure: The vulnerable inference servers form the backbone of many enterprise-grade AI stacks, processing sensitive prompts, model weights, and customer data. Oligo reported identifying thousands of exposed ZeroMQ sockets on the public internet, some tied to these inference clusters.If exploited, an attacker could execute arbitrary code on GPU clusters, escalate…
Crypto Exchanges Hacked Again for Over $100 Million

Nov 13, 2025 10:49 PM

Tags: crypto, cybercrime, cybersecurity, data, exploit, finance, linkedin, service, software, theft, vulnerability

Cybercriminals continue to target the cryptocurrency industry, this time with an exploit that affected the Balancer decentralized finance platform, with total losses exceeding $100 million and involving several exchanges that use the software across multiple chains. Some of the money was recovered, but over $90 million has been converted to Ethereum by the criminals, likely…
Filtert LinkedIn Nachrichten? Facebook-Filterung kaputt; Zeit zum Exit?

Nov 13, 2025 8:49 AM

Tags: ai, linkedin, microsoft, training

Ist noch jemand bei Microsofts asozialem Netzwerk LinkedIn oder bei Facebook? Seit Microsoft vor einigen Tagen Nutzerdaten zum AI-Training verwendet, scheint sich LinkedIn zu verschlechtern, wie mir ein Leser mitteilte. Es wird gefiltert, was das Zeug hält und der Leser … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/11/13/filtert-linkedin-nachrichten-zeit-zum-exit/