Tag: malicious
-
Emerging Agentic AI Security Vulnerabilities Expose Enterprise Systems to Widespread Identity-based Attacks
Security researchers have identified several critical ways attackers can exploit agentic AI systems to expose sensitive data and conduct malicious activity First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/07/emerging-agentic-ai-security-vulnerabilities-expose-enterprise-systems-to-widespread-identity-based-attacks/
-
Attackers Can Use Browser Extensions to Inject AI Prompts
A proof-of-concept attack shows how threat actors can use a poisoned browser extension to inject malicious prompts into a generative AI tool. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/attackers-use-browser-extensions-inject-ai-prompts
-
New JSCEAL Attack Aims to Steal Credentials and Wallets from Crypto App Users
Check Point Research (CPR) has identified a sophisticated malware campaign dubbed JSCEAL, which targets users of cryptocurrency trading applications through malicious advertisements and compiled JavaScript payloads. Active since at least March 2024, the operation has evolved to incorporate advanced anti-analysis techniques, including modular infection flows and the use of Node.js to execute compiled V8 JavaScript…
-
Hackers Exploit SAP Vulnerability to Breach Linux Systems and Deploy Auto-Color Malware
Threat actors have been observed exploiting a now-patched critical SAP NetWeaver flaw to deliver the Auto-Color backdoor in an attack targeting a U.S.-based chemicals company in April 2025.”Over the course of three days, a threat actor gained access to the customer’s network, attempted to download several suspicious files and communicated with malicious infrastructure linked to…
-
Enterprise LLMs Vulnerable to Prompt-Based Attacks Leading to Data Breaches
Security researchers have discovered alarming vulnerabilities in enterprise Large Language Model (LLM) applications that could allow attackers to bypass authentication systems and access sensitive corporate data through sophisticated prompt injection techniques. The findings reveal that many organizations deploying AI-powered chatbots and automated systems may be inadvertently exposing critical information to malicious actors. The vulnerability stems…
-
Chrome Vulnerabilities Allow Attackers to Hijack Memory and Run Malicious Code
Google has released an emergency security update for its Chrome browser to address critical vulnerabilities that could allow attackers to hijack system memory and execute malicious code on affected devices. The Stable channel has been updated to version 138.0.7204.183/.184 for Windows and Mac systems, and 138.0.7204.183 for Linux, with the rollout scheduled over the coming…
-
Google patches Gemini CLI tool after prompt injection flaw uncovered
README.md GNU Public License file of the sort that would be part of any open source repo.The researchers then uncovered a combination of smaller weaknesses that could be exploited together to run malicious shell commands without the user’s knowledge. The first weakness is that Gemini CLI sensibly allows users to allowlist frequent commands, for example,…
-
SquareX Discloses Architectural Limitations Of Browser DevTools In Debugging Malicious Extensions
Palo Alto, California, July 29th, 2025, CyberNewsWire Despite the expanding use of browser extensions, the majority of enterprises and individuals still rely on labels such as “Verified” and “Chrome Featured” provided by extension stores as a security indicator. The recent Geco Colorpick case exemplifies how these certifications provide nothing more than a false sense of…
-
Gemini CLI Vulnerability Allows Silent Execution of Malicious Commands on Developer Systems
Security researchers at Tracebit have discovered a critical vulnerability in Google’s Gemini CLI that enables attackers to silently execute malicious commands on developers’ systems through a sophisticated combination of prompt injection, improper validation, and misleading user interface design. The vulnerability, classified as a P1/S1 issue by Google’s security team, has been patched in the latest…
-
Auto-Color RAT targets SAP NetWeaver bug in an advanced cyberattack
Tags: access, ai, attack, cvss, cyberattack, cybersecurity, detection, dns, flaw, malicious, malware, network, rat, sap, update, vulnerability, zero-trustThe attack stopped in its tracks: Darktrace analysts detected the suspicious ELF download and a flurry of odd DNS and SSL connections to known malicious infrastructure. The British cybersecurity outfit claims its “Autonomous Response” intervened within minutes, restricting the device to its usual, legitimate activities while analysts investigated unusual behavior.Darktrace researchers said the malware stalled…
-
SquareX Discloses Architectural Limitations of Browser DevTools in Debugging Malicious Extensions
Tags: maliciousPalo Alto, California, 29th July 2025, CyberNewsWire First seen on hackread.com Jump to article: hackread.com/squarex-discloses-architectural-limitations-of-browser-devtools-in-debugging-malicious-extensions/
-
Critical CodeIgniter Flaw Exposes Millions of Web Apps to File Upload Attacks
A critical security vulnerability in CodeIgniter4’s ImageMagick handler has been discovered that could allow attackers to execute arbitrary commands on affected web applications through malicious file uploads. The vulnerability, tracked as CVE-2025-54418, has been assigned a maximum CVSS score of 10.0, indicating its severe nature and potential for widespread exploitation. Vulnerability Overview and Attack Vectors…
-
Supply Chain Attacks Spotted in GitHub Actions, Gravity Forms, npm
Researchers discovered backdoors, poisoned code, and malicious commits in some of the more popular tool developers, jeopardizing software supply chains. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/supply-chain-attacks-github-actions-gravity-forms-npm
-
Researchers flag flaw in Google’s AI coding assistant that allowed for ‘silent’ code exfiltration
The findings are part of a growing list of instances where “agentic” AI software has taken actions that are more akin to a malicious hacker than a helpful AI assistant. First seen on cyberscoop.com Jump to article: cyberscoop.com/google-gemini-cli-prompt-injection-arbitrary-code-execution/
-
Allianz Life Breach Tied to CRM Compromise
Attackers Stole US Customer Data Using Social Engineering. A malicious actor breached a customer relationship management platform used by Allianz Life Insurance of North America on July 16 and stole personally identifiable information of most of its 1.4 million U.S. customers, financial professionals and some employees, the company said. First seen on govinfosecurity.com Jump to…
-
Flaw in Gemini CLI AI coding assistant allowed stealthy code execution
A vulnerability in Google’s Gemini CLI allowed attackers to silently execute malicious commands and exfiltrate data from developers’ computers using allowlisted programs. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/flaw-in-gemini-cli-ai-coding-assistant-allowed-stealthy-code-execution/
-
ArmouryLoader Bypasses Security Protections to Inject Malicious Code
ArmouryLoader and other malicious code loaders have become essential tools for introducing Trojan-type payloads into hacked systems in the ever-changing world of cyberattacks. First identified in 2024, ArmouryLoader exploits the ASUS Armoury Crate software by hijacking its export functions, such as freeBuffer in ArmouryA.dll, to initiate multi-stage execution chains. This loader facilitates privilege escalation, persistence,…
-
Hackers Breach Toptal GitHub, Publish 10 Malicious npm Packages With 5,000 Downloads
Tags: access, attack, authentication, breach, github, hacker, malicious, software, supply-chain, threatIn what’s the latest instance of a software supply chain attack, unknown threat actors managed to compromise Toptal’s GitHub organization account and leveraged that access to publish 10 malicious packages to the npm registry.The packages contained code to exfiltrate GitHub authentication tokens and destroy victim systems, Socket said in a report published last week. In…
-
How to Spot Malicious AI Agents Before They Strike
The rise of agentic AI means the battle of the machines is just beginning. To win, we’ll need our own agents, human and machine, working together. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/spot-malicious-ai-agents-strike
-
Malicious ISO File Used in Romance Scam Targeting German Speakers
Sublime Security reveals a cunning romance/adult-themed scam targeting German speakers, leveraging Keitaro TDS to deliver an AutoIT-based malware loader. Learn how this sophisticated campaign operates, its deceptive tactics, and the hidden payload. First seen on hackread.com Jump to article: hackread.com/malicious-iso-file-romance-scam-on-german-speakers/
-
Operation CargoTalon targets Russia’s aerospace with EAGLET malware,
Operation CargoTalon targets Russia’s aerospace and defense sectors with EAGLET malware, using TTN documents to exfiltrate data. SEQRITE Labs researchers uncovered a cyber-espionage campaign, dubbed OperationCargoTalon, targeting Russia’s aerospace and defense sectors, specifically Voronezh Aircraft Production Association (VASO), via malicious TTN documents. >>Товарно-транÑÐ¿Ð¾Ñ€Ñ‚Ð½Ð°Ñ Ð½Ð°ÐºÐ»Ð°Ð´Ð½Ð°Ñ>goods and transport invoice>consignment note
-
Freelance dev shop Toptal caught serving malware after GitHub account break-in
Malicious code lurking in over 5,000 downloads, says Socket researcher First seen on theregister.com Jump to article: www.theregister.com/2025/07/25/toptal_malware_attack/
-
Hackers Use Weaponized .HTA Files to Infect Victims with Red Ransomware
CloudSEK’s TRIAD team uncovered an active development site deploying Clickfix-themed malware linked to the Epsilon Red ransomware. This variant deviates from traditional clipboard-based command injection tactics by directing victims to a secondary page on the same domain, where malicious shell commands are executed silently through ActiveXObject(>>WScript.Shell
-
Patchwork Targets Turkish Defense Firms with Spear-Phishing Using Malicious LNK Files
The threat actor known as Patchwork has been attributed to a new spear-phishing campaign targeting Turkish defense contractors with the goal of gathering strategic intelligence.”The campaign employs a five-stage execution chain delivered via malicious LNK files disguised as conference invitations sent to targets interested in learning more about unmanned vehicle systems,” Arctic Wolf Labs said…
-
Hacker Added Prompt to Amazon Q to Erase Files and Cloud Data
A hacker injected a malicious prompt into Amazon Q via GitHub, aiming to delete user files and wipe AWS data, exposing a major security flaw. First seen on hackread.com Jump to article: hackread.com/hacker-added-prompt-amazon-q-erase-files-cloud-data/
-
Hackers Exploit Google Forms to Trick Victims into Stealing Cryptocurrency
Cybercriminals are increasingly using Google Forms to plan cryptocurrency theft in a sophisticated evolution of phishing assaults, taking advantage of the platform’s built-in credibility and smooth integration with Google’s ecosystem. This tactic allows malicious actors to bypass traditional email security filters, delivering deceptive messages directly to victims’ inboxes. By masquerading as legitimate notifications from cryptocurrency…
-
Phishing Attack Spoofs Facebook Login Page to Capture Credentials
Cybercriminals are using a variety of dishonest tactics in a sophisticated phishing effort aimed at Facebook users in order to obtain login information. The attack begins with a malicious redirect that leads victims to a fraudulent website mimicking legitimate Facebook interfaces. Here, users encounter a fake CAPTCHA prompt designed to appear as a standard security…