Aggregator
Hackers Use Hugging Face to Host Second-Stage Malware for npm Supply Chain Attack
Hackers have found a new and alarming way to weaponize one of the most trusted platforms in the AI world. A threat actor linked to North Korea has embedded second-stage malware inside Hugging Face, the widely used AI and machine learning hub, effectively turning it into a malware delivery channel and a live data exfiltration […]
The post Hackers Use Hugging Face to Host Second-Stage Malware for npm Supply Chain Attack appeared first on Cyber Security News.
Weekly Threat Landscape Digest – Week 21
1. Multiple Vulnerabilities in HP Linux Imaging and Printing Software Overview: Two vulnerabilities have been identified in HP Linux Imaging […]
The post Weekly Threat Landscape Digest – Week 21 appeared first on HawkEye.
U.S. CISA adds Trend Micro Apex One and Langflow to its Known Exploited Vulnerabilities catalog
Microsoft 365 users targeted by new phishing threat that bypasses MFA
Microsoft 365 access tokens are being targeted by an emerging Phishing-as-a-Service (PhaaS) platform called Kali365, the FBI is warning. First observed in April 2026, Kali365 has been distributed through Telegram, allowing cybercriminals to obtain Microsoft 365 access tokens and bypass MFA without stealing user credentials. “Kali365 lowers the barrier of entry, providing less-technical attackers access to AI-generated phishing lures, automated campaign templates, real-time targeted individual/entity tracking dashboards, and OAuth token capture capabilities,” the FBI said.
The post Microsoft 365 users targeted by new phishing threat that bypasses MFA appeared first on Help Net Security.
Big Brother on wheels. Your beloved car is quietly leaking every trip without a seat belt to insurers
US and Canada arrest and charge suspected Kimwolf botnet admin
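Is your AI agent secure? 5 real-world scenarios that reveal agent security risks
ToDesk reaches the 200 million installs milestone: with flagship 8K image quality, remote control software begins to enter "Retina"-grade competition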
Google Publishes Exploit Code for Unfixed Chromium Bug Exposing Millions of Users
Google has publicly released proof-of-concept (PoC) exploit code for a critical, still-unpatched vulnerability in the Chromium codebase, potentially exposing millions of users across Chrome, Microsoft Edge, and other Chromium-based browsers to stealthy botnet-style abuse. The vulnerability, originally reported in late 2022 by independent security researcher Lyra Rebane, remains unfixed after more than 42 months. It […]
The post Google Publishes Exploit Code for Unfixed Chromium Bug Exposing Millions of Users appeared first on Cyber Security News.