Google API Keys Quietly Gain Access to Gemini on Android Devices
Google API key flaw exposes mobile apps to Gemini AI access, private files and billing risks
Information Security Magazine
Critical Vulnerability in Ninja Forms Exposes WordPress Sites
1 month 2 weeks ago
Ninja Forms File Upload RCE via unauthenticated arbitrary file upload; update to 3.3.27 immediately
Anthropic Launches Project Glasswing to Use AI to Find and Fix Critical Software Vulnerabilities
1 month 2 weeks ago
Anthropic launches Project Glasswing, using its Claude Mythos Preview AI to autonomously identify and fix undiscovered vulnerabilities in critical software
US Thwarts DNS Hijacking Network Controlled by Russian APT28 Hackers
1 month 2 weeks ago
The FBI deployed a method to unplug US-based routers compromised by APT28 from the threat actor’s malicious network
Claude Discovers Apache ActiveMQ Bug Hidden for 13 Years
1 month 2 weeks ago
Anthropic’s Claude AI has helped researchers find a vulnerability in Apache ActiveMQ Classic
Iran‑Backed Threat Actors Hit US CNI Providers via Internet‑Facing OT Assets
1 month 2 weeks ago
CISA has revealed Iranian attacks causing disruption and financial loss at US critical infrastructure firms
Russian APT28 Hackers Hijack Routers to Steal Credentials, UK Security Agency Warns
1 month 2 weeks ago
Newly identified malicious campaigns are linked to virtual private servers modified by APT28 to operate as malicious DNS servers
GPU Rowhammer Attack Enables Privilege Escalation and Full System Compromise
1 month 2 weeks ago
GPUBreach uses GPU Rowhammer on GDDR6 to flip bits, corrupt page tables and escalate to system root
GrafanaGhost Exploit Bypasses AI Guardrails for Silent Data Exfiltration
1 month 2 weeks ago
GrafanaGhost chains AI prompt injection and URL flaws to exfiltrate sensitive Grafana data
Over $17bn Lost to Cyber Fraud in the Last Year, Warns FBI
1 month 2 weeks ago
Cryptocurrency scams alone cost victims over $7 billion, while AI-enabled fraud threats are on the rise, says FBI
Storm-1175 Exploits Flaws in High-Velocity Medusa Attacks
1 month 2 weeks ago
Microsoft has released a new report about the Storm-1175 group and its connection to Medusa ransomware
Fortinet Releases Emergency Patch After FortiClient EMS Bug Is Exploited
1 month 2 weeks ago
Fortinet has updated its FortiClient EMS product after zero-day attacks surfaced
New Phishing Platform Used in Credential Theft Campaigns Against C-Suite Execs
1 month 3 weeks ago
A large-scale credential theft campaign targeting senior executives has been linked to a previously unknown automated phishing platform called Venom
New 'Storm' Infostealer Remotely Decrypts Stolen Credentials
1 month 3 weeks ago
This modern infostealer adopted server-side decryption of stolen credentials to bypass security controls
NCSC Issues Security Alert Over Hackers Targeting WhatsApp and Signal Accounts
1 month 3 weeks ago
The UK’s cybersecurity agency offered advice to “high-risk’ individuals” on how to protect against social engineering and cyber-attacks
Apple Expands iOS 18 Security Updates Amid DarkSword Threat
1 month 3 weeks ago
iOS/iPadOS 18.7.7 updates expanded to protect older devices from DarkSword web exploit kit
GitHub Used as Covert Channel in Multi-Stage Malware Campaign
1 month 3 weeks ago
LNK files use GitHub C2, embedded decoders and PowerShell for persistence and data exfiltration
Researchers Observe Sub-One-Hour Ransomware Attacks
1 month 3 weeks ago
Halcyon says Akira is now capable of carrying out an entire ransomware attack in less than an hour
Most CNI Firms Face Up to £5m in Downtime from OT Attacks
1 month 3 weeks ago
E2e-assure says 80% of critical infrastructure providers could face millions in downtime from cyber-attacks
Google Introduces Android Dev Verification Amid Openness Debate
1 month 3 weeks ago
Android requires dev identity verification for sideloaded apps; phased global rollout from September
Checked
1 hour 56 minutes ago