Tag: malicious
-
Multiple ChatGPT Security Bugs Allow Rampant Data Theft
Attackers can use them to inject arbitrary prompts, exfiltrate personal user information, bypass safety mechanisms, and take other malicious actions. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/multiple-chatgpt-security-bugs-rampant-data-theft
-
AI-Enabled Malware Now Actively Deployed, Says Google
Google warns of “just-in-time AI” malware using LLMs to evade detection and generate malicious code on-demand First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/aienabled-malware-actively/
-
EndClient RAT Leverages Compromised Code-Signing to Slip Past Antivirus
A sophisticated Remote Access Trojan (RAT) is actively targeting North Korean Human Rights Defenders (HRDs) through a campaign leveraging stolen code-signing certificates to evade antivirus detection. The newly discovered >>EndClient RAT,>StressClear.msi,
-
EndClient RAT Leverages Compromised Code-Signing to Slip Past Antivirus
A sophisticated Remote Access Trojan (RAT) is actively targeting North Korean Human Rights Defenders (HRDs) through a campaign leveraging stolen code-signing certificates to evade antivirus detection. The newly discovered >>EndClient RAT,>StressClear.msi,
-
Gootloader Returns with a New ZIP File Tactic to Conceal Malicious Payloads
Cybersecurity researchers have discovered a resurgent Gootloader malware campaign employing sophisticated new evasion techniques that exploit ZIP archive manipulation to evade detection and analysis. Credit for uncovering this latest threat goes to security researcher RussianPanda and the team at Huntress, identified the campaign actively targeting victims through compromised websites. Despite previous disruption efforts earlier this…
-
HackedGPT: New Vulnerabilities in GPT Models Allow Attackers to Launch 0-Click Attacks
Cybersecurity researchers at Tenable have uncovered a series of critical vulnerabilities in OpenAI’s ChatGPT that could allow malicious actors to steal private user data and launch attacks without any user interaction. The security flaws affect hundreds of millions of users who interact with large language models daily, raising significant concerns about the safety of AI.…
-
HackedGPT: New Vulnerabilities in GPT Models Allow Attackers to Launch 0-Click Attacks
Cybersecurity researchers at Tenable have uncovered a series of critical vulnerabilities in OpenAI’s ChatGPT that could allow malicious actors to steal private user data and launch attacks without any user interaction. The security flaws affect hundreds of millions of users who interact with large language models daily, raising significant concerns about the safety of AI.…
-
NDSS 2025 Safety Misalignment Against Large Language Models
SESSION Session 2A: LLM Security Authors, Creators & Presenters: Yichen Gong (Tsinghua University), Delong Ran (Tsinghua University), Xinlei He (Hong Kong University of Science and Technology (Guangzhou)), Tianshuo Cong (Tsinghua University), Anyu Wang (Tsinghua University), Xiaoyun Wang (Tsinghua University) PAPER Safety Misalignment Against Large Language Models The safety alignment of Large Language Models (LLMs) is…
-
Beware: 239 Dangerous Android Apps Found on Google Play with 40M+ Installs
Tags: android, cyber, cybersecurity, google, infrastructure, iot, malicious, marketplace, mobile, threatCybersecurity threats targeting mobile devices and critical infrastructure have reached alarming new heights, according to Zscaler’s latest research. The latest findings from Zscaler, Inc. (NASDAQ: ZS) expose a sophisticated campaign by threat actors who have successfully infiltrated Google’s official app marketplace with hundreds of malicious applications. The company’s ThreatLabz 2025 Mobile, IoT, and OT Threat…
-
Beware: 239 Dangerous Android Apps Found on Google Play with 40M+ Installs
Tags: android, cyber, cybersecurity, google, infrastructure, iot, malicious, marketplace, mobile, threatCybersecurity threats targeting mobile devices and critical infrastructure have reached alarming new heights, according to Zscaler’s latest research. The latest findings from Zscaler, Inc. (NASDAQ: ZS) expose a sophisticated campaign by threat actors who have successfully infiltrated Google’s official app marketplace with hundreds of malicious applications. The company’s ThreatLabz 2025 Mobile, IoT, and OT Threat…
-
Russia-linked ‘Curly COMrades’ turn to malicious virtual machines for digital spy campaigns
A cyber-espionage operation installed lightweight virtual machines to evade detection, researchers said, in the latest sign of Russia-linked hackers adapting their tactics. First seen on therecord.media Jump to article: therecord.media/virtual-machines-cyber-espionage-russia-linked-curly-comrades
-
Beware: 239 Dangerous Android Apps Found on Google Play with 40M+ Installs
Tags: android, cyber, cybersecurity, google, infrastructure, iot, malicious, marketplace, mobile, threatCybersecurity threats targeting mobile devices and critical infrastructure have reached alarming new heights, according to Zscaler’s latest research. The latest findings from Zscaler, Inc. (NASDAQ: ZS) expose a sophisticated campaign by threat actors who have successfully infiltrated Google’s official app marketplace with hundreds of malicious applications. The company’s ThreatLabz 2025 Mobile, IoT, and OT Threat…
-
Beware: 239 Dangerous Android Apps Found on Google Play with 40M+ Installs
Tags: android, cyber, cybersecurity, google, infrastructure, iot, malicious, marketplace, mobile, threatCybersecurity threats targeting mobile devices and critical infrastructure have reached alarming new heights, according to Zscaler’s latest research. The latest findings from Zscaler, Inc. (NASDAQ: ZS) expose a sophisticated campaign by threat actors who have successfully infiltrated Google’s official app marketplace with hundreds of malicious applications. The company’s ThreatLabz 2025 Mobile, IoT, and OT Threat…
-
Traffic Distribution System (TDS) abuse What’s hiding behind the veil?
Those who follow the DNS abuse landscape closely may have noticed a rise in activity and abuse reports related to TDS. The use of this infrastructure for malicious purposes is becoming increasingly common. In this blog, we look at how TDS are being exploited to facilitate abuse, why they present challenges for takedowns, and what…
-
Traffic Distribution System (TDS) abuse What’s hiding behind the veil?
Those who follow the DNS abuse landscape closely may have noticed a rise in activity and abuse reports related to TDS. The use of this infrastructure for malicious purposes is becoming increasingly common. In this blog, we look at how TDS are being exploited to facilitate abuse, why they present challenges for takedowns, and what…
-
Traffic Distribution System (TDS) abuse What’s hiding behind the veil?
Those who follow the DNS abuse landscape closely may have noticed a rise in activity and abuse reports related to TDS. The use of this infrastructure for malicious purposes is becoming increasingly common. In this blog, we look at how TDS are being exploited to facilitate abuse, why they present challenges for takedowns, and what…
-
Traffic Distribution System (TDS) abuse What’s hiding behind the veil?
Those who follow the DNS abuse landscape closely may have noticed a rise in activity and abuse reports related to TDS. The use of this infrastructure for malicious purposes is becoming increasingly common. In this blog, we look at how TDS are being exploited to facilitate abuse, why they present challenges for takedowns, and what…
-
Traffic Distribution System (TDS) abuse What’s hiding behind the veil?
Those who follow the DNS abuse landscape closely may have noticed a rise in activity and abuse reports related to TDS. The use of this infrastructure for malicious purposes is becoming increasingly common. In this blog, we look at how TDS are being exploited to facilitate abuse, why they present challenges for takedowns, and what…
-
Traffic Distribution System (TDS) abuse What’s hiding behind the veil?
Those who follow the DNS abuse landscape closely may have noticed a rise in activity and abuse reports related to TDS. The use of this infrastructure for malicious purposes is becoming increasingly common. In this blog, we look at how TDS are being exploited to facilitate abuse, why they present challenges for takedowns, and what…
-
Traffic Distribution System (TDS) abuse What’s hiding behind the veil?
Those who follow the DNS abuse landscape closely may have noticed a rise in activity and abuse reports related to TDS. The use of this infrastructure for malicious purposes is becoming increasingly common. In this blog, we look at how TDS are being exploited to facilitate abuse, why they present challenges for takedowns, and what…
-
Traffic Distribution System (TDS) abuse What’s hiding behind the veil?
Those who follow the DNS abuse landscape closely may have noticed a rise in activity and abuse reports related to TDS. The use of this infrastructure for malicious purposes is becoming increasingly common. In this blog, we look at how TDS are being exploited to facilitate abuse, why they present challenges for takedowns, and what…
-
HackedGPT: Novel AI Vulnerabilities Open the Door for Private Data Leakage
Tenable Research has discovered seven vulnerabilities and attack techniques in ChatGPT, including unique indirect prompt injections, exfiltration of personal user information, persistence, evasion, and bypass of safety mechanisms. Key takeaways: Tenable Research has discovered multiple new and persistent vulnerabilities in OpenAI’s ChatGPT that could allow an attacker to exfiltrate private information from users’ memories and…
-
HackedGPT: Novel AI Vulnerabilities Open the Door for Private Data Leakage
Tenable Research has discovered seven vulnerabilities and attack techniques in ChatGPT, including unique indirect prompt injections, exfiltration of personal user information, persistence, evasion, and bypass of safety mechanisms. Key takeaways: Tenable Research has discovered multiple new and persistent vulnerabilities in OpenAI’s ChatGPT that could allow an attacker to exfiltrate private information from users’ memories and…
-
HackedGPT: Novel AI Vulnerabilities Open the Door for Private Data Leakage
Tenable Research has discovered seven vulnerabilities and attack techniques in ChatGPT, including unique indirect prompt injections, exfiltration of personal user information, persistence, evasion, and bypass of safety mechanisms. Key takeaways: Tenable Research has discovered multiple new and persistent vulnerabilities in OpenAI’s ChatGPT that could allow an attacker to exfiltrate private information from users’ memories and…
-
APT60 Campaign: Malicious VHDX Hosted on Google Drive Lures Job Applicants
JPCERT/CC has issued an urgent warning about ongoing attacks by the advanced persistent threat group APT-C-60, which continues to target recruitment professionals in Japan through sophisticated spear-phishing campaigns. The attack campaign specifically impersonates job seekers contacting recruitment staff, exploiting the natural workflow of human resources professionals who regularly review candidate submissions. Between June and August…
-
APT60 Campaign: Malicious VHDX Hosted on Google Drive Lures Job Applicants
JPCERT/CC has issued an urgent warning about ongoing attacks by the advanced persistent threat group APT-C-60, which continues to target recruitment professionals in Japan through sophisticated spear-phishing campaigns. The attack campaign specifically impersonates job seekers contacting recruitment staff, exploiting the natural workflow of human resources professionals who regularly review candidate submissions. Between June and August…
-
Hundreds of Malware-Laden Apps Downloaded 42 Million Times From Google Play
Zscaler estimates 239 malicious Android apps made it onto the official Play store over the past year First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/apps-download-41-million-times/
-
10 promising cybersecurity startups CISOs should know about
Tags: access, ai, attack, automation, business, ceo, ciso, cloud, compliance, container, control, cybersecurity, data, deep-fake, defense, detection, endpoint, exploit, finance, gartner, google, governance, government, grc, ibm, identity, linux, malicious, microsoft, military, monitoring, network, open-source, ransomware, RedTeam, risk, saas, software, startup, supply-chain, technology, threat, tool, vulnerability, vulnerability-management, zero-trust2. Chainguard: Category: Software supply chain securityWhy they’re here: Founded in 2021 by Dan Lorenc (formerly at Microsoft and Google), Chainguard offers a Linux-based platform for securely building applications. The company has raised more than $600M and is valued at $3.5B. In fiscal year 2025, Chainguard reached a $40M annual run rate and by the…
-
10 promising cybersecurity startups CISOs should know about
Tags: access, ai, attack, automation, business, ceo, ciso, cloud, compliance, container, control, cybersecurity, data, deep-fake, defense, detection, endpoint, exploit, finance, gartner, google, governance, government, grc, ibm, identity, linux, malicious, microsoft, military, monitoring, network, open-source, ransomware, RedTeam, risk, saas, software, startup, supply-chain, technology, threat, tool, vulnerability, vulnerability-management, zero-trust2. Chainguard: Category: Software supply chain securityWhy they’re here: Founded in 2021 by Dan Lorenc (formerly at Microsoft and Google), Chainguard offers a Linux-based platform for securely building applications. The company has raised more than $600M and is valued at $3.5B. In fiscal year 2025, Chainguard reached a $40M annual run rate and by the…