Latest IntelligencePage 69
Search by keyword →
Critical Microsoft 365 Copilot Vulnerabilities Expose sensitive Information
Microsoft has disclosed and fully remediated three critical information disclosure vulnerabilities affecting Microsoft 365 Copilot and Copilot Chat in Microsoft...
ShinyHunters Claims Second Attack Against Instructure
The edtech company is struggling to wrest control from its hackers. PII belonging to hundreds of millions of people is on the line....
.webp)
New PamDOORa Backdoor Attacking Linux Systems to Steal SSH Credentials
A new backdoor called PamDOORa has emerged as a serious and growing threat to Linux systems, targeting one of the most trusted components of the operating syste...
Hackers Deploy Modular RAT With Credential Theft and Screenshot Capture Capabilities
A newly identified malware campaign is targeting senior executives and government investigators across Southeast Asia, using a modular Remote Access Trojan capa...
Škoda Security Incident Exposes Customers Data From Online Shop
Škoda Auto has disclosed a significant IT security incident affecting its official online shop, revealing that unauthorized individuals exploited a vulnerabilit...
Hackers Use Fake OpenClaw Installer to Steal Crypto Wallet and Password Manager Credentials
A dangerous new infostealer campaign is targeting some of the most sensitive data people store on their computers. Disguised as a legitimate installer for OpenC...
Apple and Meta warn Canada’s Bill C-22 forces encryption backdoors
Apple and Meta are publicly opposing portions of Canada’s proposed lawful access legislation, warning that Bill C-22 could weaken encryption protections, introd...
NVIDIA confirms GeForce NOW data breach affecting Armenian users
NVIDIA has confirmed in a statement for BleepingComputer that GeForce NOW user information has been exposed in a data breach. [...]...
In Other News: Train Hacker Arrested, PamDOORa Linux Backdoor, New CISA Director Frontrunner
Other noteworthy stories that might have slipped under the radar: US gov targets 72-hour patch cycles, malware uses Windows Phone Link to steal OTPs, spy operat...
New ZiChatBot Malware Uses Zulip REST APIs as Command and Control Server
A newly discovered malware called ZiChatBot has been found quietly using the REST APIs of a legitimate team chat application called Zulip to receive and carry o...
Why More Analysts Won’t Solve Your SOC’s Alert Problem
Attackers move faster than overwhelmed SOC teams can realistically investigate alerts. Prophet Security breaks down how AI can help analysts investigate alerts ...
Hackers Leveraged Hugging Face and ClawHub With 575+ Malicious Skills to Deploy Malware
An active malware distribution campaign abusing two prominent AI platforms Hugging Face and ClawHub to deliver trojans, cryptominers, and infostealers disguised...
Fake Moustache Bypasses Age Verification System Raising Online Safety Act Concerns
A 12-year-old boy grabbed an eyebrow pencil, drew a moustache on his face, held it up to his screen, and was verified as 15 years old. That single moment, share...
Trellix source code breach claimed by RansomHouse hackers
The attack on the Trellix source code repository disclosed last week has been claimed by the RansomHouse threat group, which leaked a small set of images as pro...
New Infostealer Campaign Uses GitHub Releases for Payload Hosting and Evasion
A newly discovered cyberespionage campaign is using a deceptively simple tactic to slip past security defenses: disguising malware as a humanitarian aid request...
.webp)
Hackers Abuse Signed Logitech Installer to Deploy TCLBANKER Banking Trojan
A new banking trojan known as TCLBANKER has been quietly making rounds, and its delivery method is as clever as it is concerning. Attackers are using a trojaniz...
EU calls VPNs “a loophole that needs closing” in age verification push
The European Parliamentary Research Service (EPRS) has warned that virtual private networks (VPNs) are increasingly being used to bypass online age-verification...
CISA gives feds four days to patch Ivanti flaw exploited as zero-day
CISA has given U.S. federal agencies four days to secure their networks against a high-severity vulnerability in Ivanti Endpoint Manager Mobile (EPMM) exploited...
DarkMoon AI-Powered Autonomous Penetration Testing Platform With 50+ Tools
A new open-source cybersecurity platform called DarkMoon has emerged as a significant advancement in autonomous penetration testing. It provides security teams ...
Polish Security Agency Reports ICS Breaches at Five Water Treatment Plants
The hackers gained the ability to modify equipment operational parameters, creating a direct risk to the public water supply. The post Polish Security Agency Re...