“Cyber warfare is as much about psychological strategy as technical prowess.”
― James Scott
-

OAuth Client ID Spoofing Lets Attackers Validate Stolen Microsoft Entra Credentials [email protected] (The Hacker News)
At least two distinct threat actors are weaponizing a novel evasion technique called OAuth client ID spoofing in cloud campaigns, while slipping past telemetry. The activity allows users to enumerate user accounts and validate stolen credentials in Microsoft Entra ID environments, without ever generating a successful sign-in event that would otherwise alert defenders. And bad…
-

Grok Build Uploads Entire Git Repositories to xAI Storage, Not Just Files It Reads [email protected] (The Hacker News)
xAI’s Grok Build coding CLI was uploading entire Git repositories, full commit history and all, to a Google Cloud Storage bucket run by xAI, not just the files a coding task needed. A researcher publishing as cereblab, testing version 0.2.93, captured one of those uploads, cloned the git bundle out of the intercepted request, and…
-

U.S. Sanctions First VPN Service and Malware Cryptor Seller Over Ransomware Support [email protected] (The Hacker News)
The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has designated two individuals and a VPN service provider for enabling ransomware actors’ and other cybercriminals’ malicious activities, including ransomware attacks against Americans. The VPN, named First VPN Service (1VPNS), has been accused of offering its tools to ransomware groups, along with its 45-year-old UkrainianRead…
-
Building cyber-resilient AI in the enterprise
AI attacks and breaches hit differently than traditional attacks, and therefore require more than traditional controls. The best defense requires planning for cyber-resilience.Read More
-

148 npm Packages Disguised as Student Proxies Turned Browsers Into a DDoS Botnet [email protected] (The Hacker News)
A campaign of 148 npm packages disguised as student web proxies turned visitors’ browsers into a distributed denial-of-service botnet for roughly two weeks in May, according to new research from JFrog. The packages did not go after the developers who might install them. The operators used the registry as free hosting for a booby-trapped proxy site…
-

Microsoft Maps Year-Long ShinyHunters-Linked Salesforce Data Theft Across Three Paths [email protected] (The Hacker News)
Attackers whose methods line up with the data-extortion group ShinyHunters have spent the past year walking into corporate Salesforce environments without exploiting a single flaw in the platform. The way in has been the trust the organization had already extended, usually through the OAuth connections that tie Salesforce to the apps and third-party vendors around it. In Read…
-

CrashStealer macOS Malware Uses Notarized Dropper to Pass Gatekeeper Checks [email protected] (The Hacker News)
Cybersecurity researchers have flagged a new macOS information stealer called CrashStealer that’s capable of harvesting sensitive data from compromised systems. Unlike other information stealers that are built on AppleScript droppers or Objective-C-based wrappers, CrashStealer is implemented in native C++, according to Jamf Threat Labs. “It validates the victim’s login password locally beforeRead More
-

Google and Microsoft Pull ModHeader With 1.6 Million Installs After Dormant Collector Found [email protected] (The Hacker News)
Google and Microsoft have pulled ModHeader, a popular header-editing extension with roughly 1.6 million installs across Chrome and Edge, after researchers found a hidden browsing-history collector built into its official store version. The collector was dormant. An empty allow-list kept it switched off, and no proof has emerged that it ever gathered or sent a…
-

⚡ Weekly Recap: ShareFile Threat, Citrix Bleed 2 Ransomware, AI Coding Attacks, and More [email protected] (The Hacker News)
Somewhere right now, a security tool is quietly finding bugs faster than any human can fix them. That’s supposed to be the good news. The catch is that the attackers have the same tools, pointed the other way, and they don’t file tickets. That’s the shape of this week. Trusted code turns on the people…
-

New MemGhost Attack Plants Persistent False Memories in AI Agents Through One Email [email protected] (The Hacker News)
Give an AI assistant a memory and access to your inbox, and you hand an attacker a way to rewrite what it thinks it knows about you. A single email can trick that agent into saving a false “fact” about the user, hide the change, and quietly steer its answers in later sessions. When it…
“Security used to be an inconvenience sometimes, but now it’s a necessity all the time.”
― Martina Navratilova
