Daily feed of AI security, malware, and defensive research updates.
** Nov 20, 2025 ** Ravie Lakshmanan Cybersecurity / Hacking News This week has been crazy in the world of hacking and online security. From Thailand to London to the US, we’ve seen arrests, …
** Nov 20, 2025 ** Ravie Lakshmanan Malware / Mobile Security Cybersecurity researchers have disclosed details of a new Android banking trojan called Sturnus that enables credential theft and full …
** Nov 20, 2025 ** The Hacker News Online Fraud / Web Security CTM360 has identified a rapidly expanding WhatsApp account-hacking campaign targeting users worldwide via a network of deceptive …
** Nov 20, 2025 ** Ravie Lakshmanan Vulnerability / Cloud Computing Oligo Security has warned of ongoing attacks exploiting a two-year-old security flaw in the Ray open-source artificial intelligence …
** Nov 20, 2025 ** Ravie Lakshmanan Malvertising / Artificial Intelligence Threat actors are leveraging bogus installers masquerading as popular software to trick users into installing malware as part …
Legal Restrictions on Vulnerability Disclosure Kendra Albert gave an excellent talk at USENIX Security this year, pointing out that the legal agreements surrounding vulnerability disclosure muzzle …
The challenge facing security leaders is monumental: Securing environments where failure is not an option. Reliance on traditional security postures, such as Endpoint Detection and Response (EDR) to …
** Nov 19, 2025 ** Ravie Lakshmanan Vulnerability / Threat Intelligence A newly discovered campaign has compromised tens of thousands of outdated or end-of-life (EoL) ASUS routers worldwide, …
Cybersecurity researchers have disclosed details of a new campaign that leverages a combination of social engineering and WhatsApp hijacking to distribute a Delphi-based banking trojan named …
** Nov 19, 2025 ** Ravie Lakshmanan Vulnerability / Threat Intelligence A recently disclosed security flaw impacting 7-Zip has come under active exploitation in the wild, according to an advisory …
** Nov 19, 2025 ** Ravie Lakshmanan AI Security / SaaS Security Malicious actors can exploit default configurations in ServiceNow’s Now Assist generative artificial intelligence (AI) platform …
** Nov 19, 2025 ** Ravie Lakshmanan Vulnerability / Network Security Fortinet has warned of a new security flaw in FortiWeb that it said has been exploited in the wild. The medium-severity …
** Nov 19, 2025 ** Ravie Lakshmanan Cyber Espionage / Malware The threat actor known as PlushDaemon has been observed using a previously undocumented Go-based network backdoor codenamed EdgeStepper to …
The malware authors associated with a Phishing-as-a-Service (PhaaS) kit known as Sneaky 2FA have incorporated Browser-in-the-Browser (BitB) functionality into their arsenal, underscoring the continued …
Meta on Tuesday said it has made available a tool called WhatsApp Research Proxy to some of its long-time bug bounty researchers to help improve the program and more effectively research the messaging …
** Nov 18, 2025 ** Ravie Lakshmanan Malware / Web Security Cybersecurity researchers have discovered a set of seven npm packages published by a single threat actor that leverages a cloaking service …
** Nov 18, 2025 ** Ravie Lakshmanan Malware / Social Engineering Cybersecurity researchers have disclosed details of a cyber attack targeting a major U.S.-based real-estate company that involved the …
** Nov 18, 2025 ** The Hacker News Cloud Security / Compliance You’ve probably already moved some of your business to the cloud—or you’re planning to. That’s a smart move. It helps …
** Nov 18, 2025 ** Ravie Lakshmanan Cyber Espionage / Malware Suspected espionage-driven threat actors from Iran have been observed deploying backdoors like TWOSTROKE and DEEPROOT as part of continued …
Identity security fabric (ISF) is a unified architectural framework that brings together disparate identity capabilities. Through ISF, identity governance and administration (IGA), access management …
** Nov 17, 2025 ** Ravie Lakshmanan Cybersecurity researchers have discovered malware campaigns using the now-prevalent ClickFix social engineering tactic to deploy Amatera Stealer and NetSupport RAT …
** Nov 17, 2025 ** Ravie Lakshmanan Vulnerability / Mobile Security Google has disclosed that the company’s continued adoption of the Rust programming language in Android has resulted in the …
More Prompt||GTFO The next three in this series on online events highlighting interesting uses of AI in cybersecurity are online: #4 , #5 , and #6 . Well worth watching. Tags: AI , cybersecurity , …
The threat actor known as Dragon Breath has been observed making use of a multi-stage loader codenamed RONINGLOADER to deliver a modified variant of a remote access trojan called Gh0st RAT. The …
Phishing attacks are no longer confined to the email inbox, with 1 in 3 phishing attacks now taking place over non-email channels like social media, search engines, and messaging apps. LinkedIn in …
