A CVSS 8.8 AgentSmith flaw in LangSmith's Prompt Hub exposed AI agents to data theft and LLM manipulation. Learn how malicious AI agents could steal API keys and hijack LLM responses. Fix deployed.
Cybersecurity researchers have exposed a previously unknown threat actor known as Water Curse that relies on weaponized GitHub repositories to deliver multi-stage malware. "The malware enables...
Content warning: This story discusses non-consensual deepfake nude imagery. On the surface, Crushmate appeared to be one of many artificial intelligence “girlfriend” or “companion” apps. Its...
Two critical Linux flaws allow unprivileged users to gain root access, affecting major distributions
ASEC Blog publishes Ransom & Dark Web Issues Week 3, June 2025 Operation Deep Sentinel: The dark web marketplace Archetyp Market shut down through international joint investigation. Internal data...
After an attack on Iran's Sepah bank, the hyper-aggressive Israel-linked hacker group has now destroyed more than $90 million held at Iranian crypto exchange Nobitex.
Barracuda observed a big spike in spam emails generated using AI tools, making up the majority detected in April 2025
It's the latest cyberattack on Iran claimed by a pro-Israeli hacking group since the latest flare up in tensions between the two countries.
As SEO leans towards AI, site owners are more in need of third-party tools, and agencies and updating…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued four new industrial control system (ICS) advisories, warning... The post CISA warns of critical ICS vulnerabilities in...
Upgraded GodFather banking malware now uses on-device virtualization to hijack apps, enabling real-time fraud
Written by: Gabby Roncone, Wesley Shields In cooperation with external partners, Google Threat Intelligence Group (GTIG) observed a Russia state-sponsored cyber threat actor impersonating the U.S....
2025-06-14 • K7 Security • Uma Madasamy • win.chaos Open article on Malpedia
2025-06-17 • DARKReading • James Shank • win.bumblebee, win.emotet, win.pikabot, win.smokeloader, win.trickbot Open article on Malpedia
The Smart Display E10 tablet offers facial recognition, quad-view live stream, event summaries, and a built-in battery for portability.
We are happy to announce the General Availability of Cloudflare Log Explorer, a powerful product designed to bring observability and forensics capabilities directly into your Cloudflare dashboard.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday placed a security flaw impacting the Linux kernel in its Known Exploited Vulnerabilities (KEV) catalog, stating it has...
A former U.S. Central Intelligence Agency (CIA) analyst has been sentenced to little more than three years in prison for unlawfully retaining and transmitting top secret National Defense...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning about the active exploitation of a critical Linux kernel vulnerability, officially listed as CVE-2023-0386. The...
Let's break down eight attack patterns security teams should be watching in 2025.
ClickFix techniques are enabling threat actors to bypass defenses using tools like MSHTA, says ReliaQuest
The Israel-Iran conflict that began with Israeli attacks on Iranian nuclear and military targets on June 13 has sparked a wider cyber conflict in the region, including the launch of new malware...
Cato CTRL uncovers new WormGPT variants powered by jailbroken Grok and Mixtral. Learn how cybercriminals jailbreak top LLMs for uncensored, illegal activities in this latest threat research.
Veeam has rolled out patches to contain a critical security flaw impacting its Backup & Replication software that could result in remote code execution under certain conditions. The security...
Microsoft has announced that it will soon update security defaults for all Microsoft 365 tenants to block access to SharePoint, OneDrive, and Office files via legacy authentication protocols. [...]
A large-scale malware campaign specifically targets Minecraft players with malicious mods and cheats that infect Windows devices with infostealers that steal credentials, authentication tokens,...
Iran has throttled internet access in the country in a purported attempt to hamper Israel's ability to conduct covert cyber operations, days after the latter launched an unprecedented attack on...
The new Cyber Growth Action Plan aims to support the UK’s cyber industry, including the development of innovative new technologies and startups
In this sixth installment of Tenable’s “Stronger Cloud Security in Five” blog series, we offer three recommendations that you can quickly roll out to help you expedite, prioritize and fine-tune...
The group positions itself “not just as a ransomware group, but as a full-service cybercrime platform”, according to Cybereason