The recent mass-theft of authentication tokens from Salesloft, whose AI chatbot is used by a broad swath of corporate America to convert customer interaction into Salesforce leads, has left many companies racing to invalidate the stolen credentials before hackers can exploit them. Now Google warns the breach goes far beyond access to Salesforce data, noting the hackers responsible also stole valid authentication tokens...
Published on: September 01, 2025 | Source:

The Midnight Blizzard cyberspies used compromised websites to trick users into authorizing devices they controlled. The post Amazon Disrupts Russian Hacking Campaign Targeting Microsoft Users appeared first on SecurityWeek.
Published on: September 02, 2025 | Source:

A group linked to Russian intelligence services redirected victims to fake Cloudflare verification pages and exploited Microsoft's device code authentication flow.
Published on: September 02, 2025 | Source:

Really good research on practical attacks against LLM agents. “Invitation Is All You Need! Promptware Attacks Against LLM-Powered Assistants in Production Are Practical and Dangerous” Abstract: The growing integration of LLMs into applications has introduced new security risks, notably known as Promptware—maliciously engineered prompts designed to manipulate LLMs to compromise the CIA triad of these applications. While...
Published on: September 03, 2025 | Source:

Cybersecurity researchers have discovered a new phishing campaign undertaken by the North Korea-linked hacking group called ScarCruft (aka APT37) to deliver a malware known as RokRAT. The activity has been codenamed Operation HanKook Phantom by Seqrite Labs, stating the attacks appear to target individuals associated with the National Intelligence Research Association, including academic figures
Published on: September 01, 2025 | Source:

The threat actor known as Silver Fox has been attributed to abuse of a previously unknown vulnerable driver associated with WatchDog Anti-malware as part of a Bring Your Own Vulnerable Driver (BYOVD) attack aimed at disarming security solutions installed on compromised hosts. The vulnerable driver in question is "amsdk.sys" (version 1.0.600), a 64-bit, validly signed Windows kernel device driver
Published on: September 02, 2025 | Source:

Cybersecurity researchers have discovered two new malicious packages on the npm registry that make use of smart contracts for the Ethereum blockchain to carry out malicious actions on compromised systems, signaling the trend of threat actors constantly on the lookout for new ways to distribute malware and fly under the radar. "The two npm packages abused smart contracts to conceal malicious
Published on: September 03, 2025 | Source:

The notorious Russian state-sponsored hacking unit, also known as Fancy Bear, is abusing Microsoft Outlook for covert data exfiltration.
Published on: September 03, 2025 | Source:

You can't negotiate with hackers from a place of fear — but you can turn their urgency against them with the right playbook, people, and preparation.
Published on: September 02, 2025 | Source:

The North Korea-linked threat actor known as the Lazarus Group has been attributed to a social engineering campaign that distributes three different pieces of cross-platform malware called PondRAT, ThemeForestRAT, and RemotePE. The attack, observed by NCC Group's Fox-IT in 2024, targeted an organization in the decentralized finance (DeFi) sector, ultimately leading to the compromise of an
Published on: September 02, 2025 | Source: