Tag: malicious
-
The First Malicious MCP Server is a Warning Shot for AI Cybersecurity
The first malicious Model Context Protocol (MCP) server has been discovered and we should all be worried how this is foreshadowing AI cybersecurity risks! Cybersecurity researchers at Koi Security detected malicious code within an MCP server that connects AI systems with Postmark email services. The code covertly copies every email and exfiltrates it back to…
-
GitHub Copilot prompt injection flaw leaked sensitive data from private repos
Stealing sensitive data from repositories: Mayraz then wondered: Because Copilot has access to all of a user’s code, including private repositories, would it be possible to abuse it to exfiltrate sensitive information that was never intended to be public? The short answer is yes, but it wasn’t straightforward.Copilot has the ability to display images in…
-
Hackers Exploit WordPress Sites to Power Next-Gen ClickFix Phishing Attacks
Cybersecurity researchers are calling attention to a nefarious campaign targeting WordPress sites to make malicious JavaScript injections that are designed to redirect users to sketchy sites.”Site visitors get injected content that was drive-by malware like fake Cloudflare verification,” Sucuri researcher Puja Srivastava said in an analysis published last week.The website security company First seen on…
-
Russian hackers turn to AI as old tactics fail, Ukrainian CERT says
Russian hackers are now using AI not only to write phishing messages but also to generate malicious code itself. First seen on therecord.media Jump to article: therecord.media/russian-hackers-turn-to-ai-ukraine-cert
-
ASCII Smuggling Attack in Gemini Tricks AI Agents into Revealing Smuggled Data
Enterprise AI assistants face a hidden menacewhen invisible control characters are used to smuggle malicious instructions into prompts. In September 2025, FireTail researcher Viktor Markopoulos tested several large language models (LLMs) for susceptibility to the long-standing ASCII Smuggling technique. His findings reveal that some widely adopted services still fail to strip out hidden Unicode tags,…
-
ASCII Smuggling Attack in Gemini Tricks AI Agents into Revealing Smuggled Data
Enterprise AI assistants face a hidden menacewhen invisible control characters are used to smuggle malicious instructions into prompts. In September 2025, FireTail researcher Viktor Markopoulos tested several large language models (LLMs) for susceptibility to the long-standing ASCII Smuggling technique. His findings reveal that some widely adopted services still fail to strip out hidden Unicode tags,…
-
Redis patches 13-Year-Old Lua flaw enabling Remote Code Execution
Redis warns of CVE-2025-49844, a Lua script flaw enabling RCE via use-after-free. Attackers need authenticated access to exploit it. Redis disclosed a critical RCE bug, tracked as CVE-2025-49844 (also known as “RediShell”, with a CVSS score of 10.0), where a malicious Lua script can exploit the garbage collector to trigger a use-after-free vulnerability and enable…
-
Hackers Exploit CSS Properties to Conceal Malicious Code in Hidden Text Salting Attacks
In a sophisticated evolution of email-based attacks, adversaries have begun leveraging Cascading Style Sheets (CSS) to inject hidden “salt”, irrelevant content used to confuse detection systems, deep within HTML emails. Cisco Talos’s year-long monitoring (March 1, 2024 July 31, 2025) reveals a marked increase in the abuse of CSS properties to conceal […] The post…
-
Hackers Exploit CSS Properties to Conceal Malicious Code in Hidden Text Salting Attacks
In a sophisticated evolution of email-based attacks, adversaries have begun leveraging Cascading Style Sheets (CSS) to inject hidden “salt”, irrelevant content used to confuse detection systems, deep within HTML emails. Cisco Talos’s year-long monitoring (March 1, 2024 July 31, 2025) reveals a marked increase in the abuse of CSS properties to conceal […] The post…
-
Massive Attacks Targeting Palo Alto PAN-OS GlobalProtect Portals from 2,200 IPs
Cybersecurity researchers at GreyNoise have identified a dramatic escalation in malicious scanning activities targeting Palo Alto Networks PAN-OS GlobalProtect login portals, with attacks originating from over 2,200 unique IP addresses as of October 7, 2025. This represents a significant increase from the approximately 1,300 IPs initially observed on October 3, demonstrating the rapidly evolving nature…
-
Massive Attacks Targeting Palo Alto PAN-OS GlobalProtect Portals from 2,200 IPs
Cybersecurity researchers at GreyNoise have identified a dramatic escalation in malicious scanning activities targeting Palo Alto Networks PAN-OS GlobalProtect login portals, with attacks originating from over 2,200 unique IP addresses as of October 7, 2025. This represents a significant increase from the approximately 1,300 IPs initially observed on October 3, demonstrating the rapidly evolving nature…
-
Massive Attacks Targeting Palo Alto PAN-OS GlobalProtect Portals from 2,200 IPs
Cybersecurity researchers at GreyNoise have identified a dramatic escalation in malicious scanning activities targeting Palo Alto Networks PAN-OS GlobalProtect login portals, with attacks originating from over 2,200 unique IP addresses as of October 7, 2025. This represents a significant increase from the approximately 1,300 IPs initially observed on October 3, demonstrating the rapidly evolving nature…
-
Massive Attacks Targeting Palo Alto PAN-OS GlobalProtect Portals from 2,200 IPs
Cybersecurity researchers at GreyNoise have identified a dramatic escalation in malicious scanning activities targeting Palo Alto Networks PAN-OS GlobalProtect login portals, with attacks originating from over 2,200 unique IP addresses as of October 7, 2025. This represents a significant increase from the approximately 1,300 IPs initially observed on October 3, demonstrating the rapidly evolving nature…
-
CISA Alerts on Zimbra Collaboration Suite Zero-Day XSS Flaw Exploited in Ongoing Attacks
CISA has issued a warning about a new zero-day cross-site scripting (XSS) flaw in the Zimbra Collaboration Suite (ZCS). This vulnerability is already in use by attackers to hijack user sessions, steal data, and push malicious filters. Organizations running ZCS should move quickly to apply available fixes or follow guidance to limit risk. Overview of…
-
CISA Alerts on Zimbra Collaboration Suite Zero-Day XSS Flaw Exploited in Ongoing Attacks
CISA has issued a warning about a new zero-day cross-site scripting (XSS) flaw in the Zimbra Collaboration Suite (ZCS). This vulnerability is already in use by attackers to hijack user sessions, steal data, and push malicious filters. Organizations running ZCS should move quickly to apply available fixes or follow guidance to limit risk. Overview of…
-
CISA Alerts on Zimbra Collaboration Suite Zero-Day XSS Flaw Exploited in Ongoing Attacks
CISA has issued a warning about a new zero-day cross-site scripting (XSS) flaw in the Zimbra Collaboration Suite (ZCS). This vulnerability is already in use by attackers to hijack user sessions, steal data, and push malicious filters. Organizations running ZCS should move quickly to apply available fixes or follow guidance to limit risk. Overview of…
-
Attackers Season Spam With a Touch of ‘Salt’
Researchers report an increase in the use of hidden content in spam and malicious email to confuse filters and other security mechanisms. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/attackers-season-spam-touch-salt
-
Threat actors use us to be efficient, not make new tools
A new report from the leader in the generative AI boom says AI is being used in existing workflows, instead of to create new ones dedicated to malicious hacking. First seen on cyberscoop.com Jump to article: cyberscoop.com/openai-threat-report-ai-cybercrime-hacking-scams/
-
Threat actors use us to be efficient, not make new tools
A new report from the leader in the generative AI boom says AI is being used in existing workflows, instead of to create new ones dedicated to malicious hacking. First seen on cyberscoop.com Jump to article: cyberscoop.com/openai-threat-report-ai-cybercrime-hacking-scams/
-
Phishers turn 1Password’s Watchtower into a blind spot
Vault keys at stake: Those who clicked on the phishing link earlier had too much to lose. The cloned landing page reportedly asked users for their 1Password login details, potentially giving attackers access to entire password vaults. With that single breach, everything from social accounts to banking credentials could be compromised.Malwarebytes urged users to remain…
-
Phishers turn 1Password’s Watchtower into a blind spot
Vault keys at stake: Those who clicked on the phishing link earlier had too much to lose. The cloned landing page reportedly asked users for their 1Password login details, potentially giving attackers access to entire password vaults. With that single breach, everything from social accounts to banking credentials could be compromised.Malwarebytes urged users to remain…
-
XWorm 6.0 Returns with 35+ Plugins and Enhanced Data Theft Capabilities
Cybersecurity researchers have charted the evolution of XWorm malware, turning it into a versatile tool for supporting a wide range of malicious actions on compromised hosts.”XWorm’s modular design is built around a core client and an array of specialized components known as plugins,” Trellix researchers Niranjan Hegde and Sijo Jacob said in an analysis published…
-
XWorm 6.0 Returns with 35+ Plugins and Enhanced Data Theft Capabilities
Cybersecurity researchers have charted the evolution of XWorm malware, turning it into a versatile tool for supporting a wide range of malicious actions on compromised hosts.”XWorm’s modular design is built around a core client and an array of specialized components known as plugins,” Trellix researchers Niranjan Hegde and Sijo Jacob said in an analysis published…
-
TDL 006 – Beyond the Firewall: How Attackers Weaponize Your DNS
Tags: access, attack, breach, business, cisa, ciso, computer, conference, control, cyber, data, data-breach, dns, exploit, firewall, google, government, group, guide, infrastructure, intelligence, Internet, iraq, jobs, leak, malicious, malware, network, phishing, ransomware, service, software, switch, threat, tool, windowsSummary Beyond the Firewall: How Attackers Weaponize Your DNS For many IT professionals, DNS is the internet’s invisible plumbing, historically managed by a “guy with a Unix beard in the basement,” as Infoblox educator Josh Kuo recalled on the Defenders Log podcast. But this foundational, often overlooked, protocol has become a primary vector for sophisticated…
-
Ghosts in the Machine: ASCII Smuggling across Various LLMs FireTail Blog
Oct 06, 2025 – Alan Fagan – Operationalizing Defense The key to catching ASCII Smuggling is monitoring the raw input payload, the exact string the LLM tokenization engine receives, not just the visible text. Ingestion: FireTail continuously records LLM activity logs from all your integrated platforms. Analysis: Our platform analyzes the raw payload data for…