Category: Uncategorized
-

U.S. Sanctions First VPN Service and Malware Cryptor Seller Over Ransomware Support [email protected] (The Hacker News)
The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has designated two individuals and a VPN service provider for enabling ransomware actors’ and other cybercriminals’ malicious activities, including ransomware attacks against Americans. The VPN, named First VPN Service (1VPNS), has been accused of offering its tools to ransomware groups, along with its 45-year-old UkrainianRead…
-
Building cyber-resilient AI in the enterprise
AI attacks and breaches hit differently than traditional attacks, and therefore require more than traditional controls. The best defense requires planning for cyber-resilience.Read More
-

148 npm Packages Disguised as Student Proxies Turned Browsers Into a DDoS Botnet [email protected] (The Hacker News)
A campaign of 148 npm packages disguised as student web proxies turned visitors’ browsers into a distributed denial-of-service botnet for roughly two weeks in May, according to new research from JFrog. The packages did not go after the developers who might install them. The operators used the registry as free hosting for a booby-trapped proxy site…
-

Microsoft Maps Year-Long ShinyHunters-Linked Salesforce Data Theft Across Three Paths [email protected] (The Hacker News)
Attackers whose methods line up with the data-extortion group ShinyHunters have spent the past year walking into corporate Salesforce environments without exploiting a single flaw in the platform. The way in has been the trust the organization had already extended, usually through the OAuth connections that tie Salesforce to the apps and third-party vendors around it. In Read…
-

CrashStealer macOS Malware Uses Notarized Dropper to Pass Gatekeeper Checks [email protected] (The Hacker News)
Cybersecurity researchers have flagged a new macOS information stealer called CrashStealer that’s capable of harvesting sensitive data from compromised systems. Unlike other information stealers that are built on AppleScript droppers or Objective-C-based wrappers, CrashStealer is implemented in native C++, according to Jamf Threat Labs. “It validates the victim’s login password locally beforeRead More
-

Google and Microsoft Pull ModHeader With 1.6 Million Installs After Dormant Collector Found [email protected] (The Hacker News)
Google and Microsoft have pulled ModHeader, a popular header-editing extension with roughly 1.6 million installs across Chrome and Edge, after researchers found a hidden browsing-history collector built into its official store version. The collector was dormant. An empty allow-list kept it switched off, and no proof has emerged that it ever gathered or sent a…
-

⚡ Weekly Recap: ShareFile Threat, Citrix Bleed 2 Ransomware, AI Coding Attacks, and More [email protected] (The Hacker News)
Somewhere right now, a security tool is quietly finding bugs faster than any human can fix them. That’s supposed to be the good news. The catch is that the attackers have the same tools, pointed the other way, and they don’t file tickets. That’s the shape of this week. Trusted code turns on the people…
-

New MemGhost Attack Plants Persistent False Memories in AI Agents Through One Email [email protected] (The Hacker News)
Give an AI assistant a memory and access to your inbox, and you hand an attacker a way to rewrite what it thinks it knows about you. A single email can trick that agent into saving a false “fact” about the user, hide the change, and quietly steer its answers in later sessions. When it…
-

Forg365 PhaaS Targets Microsoft 365 with Device Code and AitM Session Theft [email protected] (The Hacker News)
A new phishing-as-a-service (PhaaS) operation called Forg365 is using a combination of device code phishing, adversary-in-the-middle (AitM) tactics, antibot evasion, artificial intelligence (AI)-assisted lure creation, and post-compromise mailbox operations targeting Microsoft 365 accounts. Distributed via Telegram and costing $400 a month (or $3,800 per year), attack chains leverage phishingRead More
-

Meta Files Patent for AI That Can Listen All Day and Track How You’re Feeling [email protected] (The Hacker News)
Meta has filed a patent application for an AI that listens to your voice throughout the day, works out how it thinks you are feeling from the way you sound, and keeps a timestamped log of every read. Each read gets pinned to the moment it happened: the time, your location, what you were doing,…
