Tag: tool
-
OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack
Tags: android, attack, authentication, breach, cybersecurity, github, malicious, openai, supply-chain, tool
Cybersecurity researchers have disclosed details of a new malicious supply chain campaign that’s targeting developers using OpenAI Codex through a legitimate-looking remote web UI. The tool, named codexui-android, is advertised on GitHub and npm as a remote web UI for OpenAI Codex, attracting over 29,000 weekly downloads. The package is still available for download from the…
-
NVIDIA goes open source with a big batch of physical AI agent tools
NVIDIA just dropped a big batch of open-source “physical AI” skills and tools, and they're designed to make a roboticist's life a whole lot easier. The … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/01/nvidia-open-source-physical-ai-skills/
-
KnowBe4 unifies e-mail and chat security by extending threat detection to Microsoft Teams
KnowBe4, the leading provider of digital workforce security, which comprehensively addresses the protection of people and AI agents, is introducing “KnowBe4 Messaging Security”, which can be used to secure Microsoft Teams. The KnowBe4 platform now offers unified protection for the two most important corporate communication channels: chat and e-mail. This new offering closes the security gap between e-mail protection and tools for…
-
27,000-Download Codex UI Tool Secretly Stole OpenAI Refresh Tokens
A malicious Codex UI npm package with 27,000 weekly downloads was caught exfiltrating OpenAI refresh tokens, exposing developers to account takeover risks. First seen on hackread.com Jump to article: hackread.com/codex-ui-tool-secretly-stole-openai-refresh-tokens/
-
Socket Raises $60M for Wider Software Supply-Chain Defense
Funding at $1B Valuation Will Expand Controls Across Developer and AI Ecosystems. Socket raised $60 million in a Thrive Capital-led Series C at a $1 billion valuation to expand its supply-chain security platform beyond package managers as AI coding tools increase enterprise exposure to malicious dependencies, browser extensions and developer tooling. First seen on govinfosecurity.com…
-
Microsoft Code Editor Flaw Lets Attackers Hijack Developer PCs
Hidden Install Settings Let Malicious MCP Links Execute Code. Microsoft patched a high-severity flaw in Visual Studio Code after researchers found attackers could hide malicious settings inside MCP server install links, giving them persistent access to developer machines through what appeared to be routine artificial intelligence tool installations. First seen on govinfosecurity.com Jump to article:…
-
Ghost hackers: the cybersecurity mystery that nobody has solved
A shadowy group that stole and dumped the NSA’s most powerful hacking tools still has implications for how companies think about digital risk today. First seen on techcrunch.com Jump to article: techcrunch.com/2026/05/26/ghost-hackers-the-cybersecurity-mystery-that-nobody-has-solved/
-
How Varonis Atlas integrates Claude Compliance API for AI governance
AI governance requires visibility into how AI tools interact with enterprise data. Varonis explains how its Atlas platform uses Claude Compliance API data to help monitor usage, investigate risk, and support compliance. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/how-varonis-atlas-integrates-claude-compliance-api-for-ai-governance/
-
[THN Webinar] New AI DDoS Attacks Are Smarter. Learn How to Fight Back
Every single day, hackers are finding new ways to crash websites and steal data. But right now, something has changed. Hackers are no longer working alone. They are now using powerful Artificial Intelligence (AI) tools to make their attacks faster, stronger, and much harder to stop. According to recent updates from The Hacker News, bad actors are…
-
CERT-In Recommends 12-Hour Patching for Internet-Facing Flaws Amid AI-Assisted Attacks
Tags: ai, attack, computer, data-breach, flaw, india, intelligence, Internet, threat, tool, update, vulnerability
The Indian Computer Emergency Response Team (CERT-In) has issued new guidelines requiring organizations to patch critical security vulnerabilities in internet-exposed systems within 12 hours of being flagged where “feasible” to safeguard against potential threats stemming from threat actors’ abuse of artificial intelligence (AI) tools and large language models (LLMs) to automate vulnerability First seen on…
-
Webinar: Too many tools are slowing network incident response
IT teams often need to jump between monitoring dashboards, infrastructure tools, ticketing systems, and communication platforms during network incidents. This webinar explores how automation and AI-assisted workflows can help reduce manual coordination and improve incident response times. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/webinar-too-many-tools-are-slowing-network-incident-response/
-
New AI DDoS Attacks Are Smarter. Learn How to Fight Back in This Webinar
Every single day, hackers are finding new ways to crash websites and steal data. But right now, something has changed. Hackers are no longer working alone. They are now using powerful Artificial Intelligence (AI) tools to make their attacks faster, stronger, and much harder to stop. According to recent updates from The Hacker News, bad actors are…
-
CERT-In Mandates 12-Hour Patching for Internet-Facing Flaws Amid AI-Assisted Attacks
Tags: ai, attack, computer, data-breach, flaw, india, intelligence, Internet, threat, tool, update, vulnerability
The Indian Computer Emergency Response Team (CERT-In) has issued new guidelines requiring organizations to patch critical security vulnerabilities in internet-exposed systems within 12 hours of being flagged where “feasible” to safeguard against potential threats stemming from threat actors’ abuse of artificial intelligence (AI) tools and large language models (LLMs) to automate vulnerability First seen on…
-
Abliteration: Removing safety mechanisms from AI models is getting ever easier
Freely available tools make it possible to bypass safety barriers in open-source AI models even without technical knowledge. First seen on golem.de Jump to article: www.golem.de/news/abliteration-entfernung-von-sicherheitsmechanismen-in-ki-modellen-immer-einfacher-2605-209026.html
-
Hackers Use SEO Poisoning to Fake Gemini CLI and Claude Code Installers
Hackers are increasingly abusing search engine optimization (SEO) techniques to distribute malware by impersonating popular AI developer tools, including Gemini CLI and Claude Code. The activity, first observed in early March 2026, shows attackers creating malicious domains that rank above legitimate sources in search engine results. Developers searching for official installation guides are redirected to…
-
Anthropic adds 28 security and compliance integrations for Claude
AI tools are becoming part of everyday work in organizations, creating new security and oversight requirements as usage grows. To address that, Anthropic introduced 28 … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/25/anthropic-security-compliance-integrations-claude/
-
⚡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain Chaos
Monday recap. Same mess, new week. A sketchy dev tool got people pwned, old bugs came back from the dead, and security products somehow needed protecting from themselves. A bunch of companies spent the week checking old boxes and forgotten servers they should’ve patched years ago. Good times. Phishing crews are getting smarter too – less obvious…
-
Responding to Breaches With AI? Beware Cross-Contamination
Separate Breach Details Can Bleed Into Each Other, Incident Responders Find. Cybersecurity investigators who use artificial intelligence tools to draft incident response reports, beware: Information tied to one security incident can contaminate a report into a separate incident, if both get drafted using the same AI tool in the same session, researchers warn. First seen…
-
Kazuar Malware Becomes Modular Spyware for Secret Blizzard Ops
A major evolution in the Kazuar malware family, a long-standing cyber espionage tool linked to the Russian state-sponsored threat group Secret Blizzard, also known as Turla and Venomous Bear. Kazuar historically supported espionage campaigns targeting government, diplomatic, and defense sectors. Its latest iteration introduces a modular architecture composed of three key components: Kernel, Bridge, and…
-
Turns out the C-suite loves shadow AI
Senior decision-makers are the heaviest users of unapproved AI tools, and they continue using them despite being aware of the security and privacy risks linked to shadow AI, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/25/trustedtech-workplace-shadow-ai-use-report/
-
Top 10 Best Static Application Security Testing (SAST) Tools for Security Teams in 2026
The complexity of modern software development requires security to be deeply embedded within the engineering pipeline rather than treated as an afterthought. Whether you are managing extensive front-end codebases or back-end API integrations, catching flaws before code is compiled is crucial. This proactive approach is the essence of Static Application Security Testing (SAST). By identifying…
-
What the Vercel attack teaches us about modern identity risks
AI tools are changing the way companies work and the way they are attacked. In recent months, a growing number of security incidents have followed a pattern that classic identity governance solutions simply cannot detect. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/vercel-angriff-moderne-identitaetsrisiken
-
Microsoft releases new AI red teaming tools for developers
First seen on scworld.com Jump to article: www.scworld.com/brief/microsoft-releases-new-ai-red-teaming-tools-for-developers

