Tag: tool
-
A Simple WhatsApp Security Flaw Exposed 3.5 Billion Phone Numbers
By plugging tens of billions of phone numbers into WhatsApp’s contact discovery tool, researchers found “the most extensive exposure of phone numbers” ever, along with profile photos and more. First seen on wired.com Jump to article: www.wired.com/story/a-simple-whatsapp-security-flaw-exposed-billions-phone-numbers/
-
UNC1549 Hackers With Custom Tools Attacking Aerospace and Defense Systems to Steal Logins
The Iran-nexus cyber espionage group UNC1549 has significantly expanded its arsenal of custom tools and sophisticated attack techniques in an ongoing campaign targeting aerospace, aviation, and defense industries since mid-2024, according to new findings from Mandiant. The threat actor, which overlaps with Tortoiseshell and has suspected links to Iran’s Islamic Revolutionary Guard Corps (IRGC), demonstrates…
-
Rethinking identity for the AI era: CISOs must build trust at machine speed
Tags: access, ai, api, attack, authentication, business, ciso, cloud, control, cybersecurity, data, data-breach, google, governance, group, identity, infrastructure, injection, Internet, LLM, malicious, mitigation, network, risk, theft, threat, tool, training, vulnerability
Identity as a trust fabric: Most organizations currently rely on a welter of identity and access management systems for a variety of reasons. Some systems might be tied to a specific vendor’s technology; some might be legacy systems from mergers or acquisitions; some might be in place due to legal or regulatory requirements. “What happens even…
-
NDSS 2025 Detecting IMSI-Catchers By Characterizing Identity Exposing Messages In Cellular Traffic
Session 3B: Wireless, Cellular & Satellite Security. Authors, Creators & Presenters: Tyler Tucker (University of Florida), Nathaniel Bennett (University of Florida), Martin Kotuliak (ETH Zurich), Simon Erni (ETH Zurich), Srdjan Capkun (ETH Zurich), Kevin Butler (University of Florida), Patrick Traynor (University of Florida). Paper: Detecting IMSI-Catchers By Characterizing Identity Exposing…
-
SilentButDeadly: New Tool Blocks Network Traffic to Bypass EDR and Antivirus
A newly released open-source tool called SilentButDeadly is raising security concerns by demonstrating how attackers can effectively turn off Endpoint Detection and Response systems and antivirus software without terminating any processes. Developed by security researcher Ryan Framiñán and released on November 2, 2025, the tool exploits the Windows Filtering Platform to sever cloud connectivity for…
-
Akira engaged in ransomware attacks against critical sectors
The group has stepped up threat activity by abusing edge devices and other tools, reaping hundreds of millions of dollars in illicit gains. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/akira-ransomware-critical-sectors-fbi-cisa/805508/
-
Cursor Issue Paves Way for Credential-Stealing Attacks
Researchers discovered a security weakness in the AI-powered coding tool that allows a malicious MCP server to hijack Cursor’s internal browser. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/cursor-issue-credential-stealing-attacks
-
⚡ Weekly Recap: Fortinet Exploited, China’s AI Hacks, PhaaS Empire Falls & More
This week showed just how fast things can go wrong when no one’s watching. Some attacks were silent and sneaky. Others used tools we trust every day, like AI, VPNs, or app stores, to cause damage without setting off alarms. It’s not just about hacking anymore. Criminals are building systems to make money, spy, or spread…
-
India’s new data privacy rules turn privacy compliance into an engineering challenge
Tags: ai, automation, backup, cloud, compliance, data, encryption, india, monitoring, nist, privacy, saas, tool
Architectural changes required: Analysts point out that meeting erasure deadlines and purpose-based storage limits will require deeper architectural changes. “Architectural changes include deploying encryption, masking, and tokenization for secure storage, implementing consent managers, and integrating erasure standards like NIST 800-88 or IEEE 2883 for IT asset sanitization,” Mahapatra said. “Cloud-native architectures with granular data classification and…
-
Dragon Breath Uses RONINGLOADER to Disable Security Tools and Deploy Gh0st RAT
The threat actor known as Dragon Breath has been observed making use of a multi-stage loader codenamed RONINGLOADER to deliver a modified variant of a remote access trojan called Gh0st RAT. The campaign, which is primarily aimed at Chinese-speaking users, employs trojanized NSIS installers masquerading as legitimate software like Google Chrome and Microsoft Teams, according to Elastic…
-
Spam flooding npm registry with token stealers still isn’t under control
Tags: access, antivirus, attack, authentication, blockchain, breach, control, credentials, crypto, detection, edr, exploit, finance, firewall, governance, identity, login, malicious, malware, mfa, monitoring, network, open-source, pypi, risk, software, spam, supply-chain, threat, tool, worm
CSO that number has now grown to 153,000. And while this payload merely steals tokens, other threat actors are paying attention, said Sonatype CTO Brian Fox. When Sonatype wrote about the campaign just over a year ago, it found a mere 15,000 packages that appeared to come from a single person. With the swollen numbers reported this week,…
-
What tools empower better Secrets Security management
How Can Secrets Security Management Tools Strengthen Your Cybersecurity Strategy? Have you ever considered how machine identities can transform your cybersecurity approach? With the growing complexity of digital environments, particularly in cloud-based organizations, the management of Non-Human Identities (NHIs) is becoming crucial for robust cybersecurity frameworks. These identities are essentially the machine counterparts to human…
-
The next tech divide is written in AI diffusion
AI is spreading faster than any major technology in history, according to a Microsoft report. More than 1.2 billion people have used an AI tool within three years of the first … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/17/microsoft-ai-diffusion-trends/
-
Level up your Solidity LLM tooling with Slither-MCP
We’re releasing Slither-MCP, a new tool that augments LLMs with Slither’s unmatched static analysis engine. Slither-MCP benefits virtually every use case for LLMs by exposing Slither’s static analysis API via tools, allowing LLMs to find critical code faster, navigate codebases more efficiently, and ultimately improve smart contract authoring and auditing performance. How Slither-MCP works Slither-MCP…
-
A Major Leak Spills a Chinese Hacking Contractor’s Tools and Targets
Plus: State-sponsored AI hacking is here, Google hosts a CBP face recognition app, and more of the week’s top security news. First seen on wired.com Jump to article: www.wired.com/story/major-leak-spills-chinese-hacking-contractor-tools-targets/
-
Worm flooding npm registry with token stealers still isn’t under control
Tags: access, antivirus, attack, authentication, blockchain, breach, control, credentials, crypto, detection, edr, exploit, finance, firewall, governance, identity, login, malicious, malware, mfa, monitoring, network, open-source, pypi, risk, software, supply-chain, threat, tool, worm
CSO that number has now grown to 153,000. “It’s unfortunate that the worm isn’t under control yet,” said Sonatype CTO Brian Fox. And while this payload merely steals tokens, other threat actors are paying attention, he predicted. “I’m sure somebody out there in the world is looking at this massively replicating worm and wondering if they can ride…
-
From detection to response: Why confidence is the real game changer
Why network visibility is the flashlight: The ESG study makes this clear: Network visibility isn’t just another layer of detection. It’s the lens that turns noise into knowledge. Packets capture everything attackers do: every beacon, every lateral move, every exfiltration attempt. That means analysts can quickly validate alerts, scope exposure, and move with precision when minutes matter. And contrary to the…
-
Why network visibility is the thread that holds cybersecurity together
Tags: attack, cyber, cybersecurity, data, detection, incident response, intelligence, network, threat, tool
The common ground: The network as source of truth: So where do organizations turn when environments get too complex and alerts feel untrustworthy? To the one thing every attack must cross: the network. Forty-one percent of security leaders say network detection and response tools are the best equipped to provide visibility across hybrid, multicloud environments. That’s because packets…
-
AI Tool Ran Bulk of Cyberattack, Anthropic Says
Claude Ran Up to 90% Intrusion Tasks Autonomously in China-Linked Campaign. A Chinese state-linked hacking group relied on the Claude Code model to automate most of a cyberespionage campaign against dozens of organizations, Anthropic said. The AI firm describes the campaign as the first verified case of an AI system handling the bulk of a…
-
Akira RaaS Targets Nutanix VMs, Threatens Critical Orgs
The Akira ransomware group has been experimenting with new tools, bugs, and attack surfaces, with demonstrated success in significant sectors. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/akira-raas-nutanix-vms-critical-orgs
-
New Security Tools Target Growing macOS Threats
A public dataset and platform-agnostic analysis tool aim to help organizations in the fight against Apple-targeted malware, which researchers say has lacked proper attention. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/new-security-tools-target-growing-macos-threats
-
TDL 009 – Inside DNS Threat Intelligence: Privacy, Security Innovation
Tags: access, apple, attack, automation, backup, best-practice, business, ceo, cisco, ciso, cloud, computer, control, corporate, country, crime, cybersecurity, data, dns, encryption, finance, firewall, government, infrastructure, intelligence, Internet, jobs, law, linkedin, malicious, marketplace, middle-east, monitoring, msp, network, office, privacy, regulation, risk, service, software, strategy, threat, tool, windows, zero-trust
Summary: Inside DNS Threat Intelligence: Privacy, Security & Innovation. In this episode of the Defenders Log, host David Redekop speaks with Tim Adams, the founder of the protective DNS resolver Scout DNS. Tim shares his origin story, explaining how he transitioned from a wireless network integrator to building his own DNS solution. He saw a…
-
Anthropic warns state-linked actor abused its AI tool in sophisticated espionage campaign
Researchers said a China-backed adversary conducted powerful attacks with almost no human intervention. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/anthropic-state-actor-ai-tool-espionage/805550/
-
AI firm claims it stopped Chinese state-sponsored cyber-attack campaign
Anthropic says financial firms and government agencies were attacked ‘largely without human intervention’
A leading artificial intelligence company claims to have stopped a China-backed “cyber espionage” campaign that was able to infiltrate financial firms and government agencies with almost no human oversight. The US-based Anthropic said its coding tool, Claude Code, was “manipulated” by a Chinese state-sponsored…

