Stay Updated with the Latest Tech News
Get ahead of the curve with the latest insights, trends, and analysis in the tech world.
Browse by Category
Popular Topics
#General #Development #Mobile Development #Cloud & DevOps #Cybersecurity & Privacy #AI & Data Science #Hardware & Gadgets #Design & UXAbusing Notion’s AI Agent for Data Theft
Notion just released version 3.0, complete with AI agents. Because the system contains Simon Willson’s lethal trifecta, it’s vulnerable to data theft though prompt injection. First, the trifecta: The lethal trifecta of capabilities is: Access to your private data—one of the most common purposes of tools in the first place! Exposure to untrusted content—any mechanism by which text (or images) controlled by a malicious...
Share on Facebook
Share in Tweet (rip twitter)
Share on LinkedIn
Share on Reddit
Share on Threads
Share on Bluesky
SafeHill Emerges from Stealth With $2.6 Million Pre-Seed Funding
Co-founder Hector Monsegur, formerly known as “Sabu,” a black hat hacker and leader of LulzSec, now serves as SafeHill’s chief research officer. The post SafeHill Emerges from Stealth With $2.6 Million Pre-Seed Funding appeared first on SecurityWeek.
Expired protections, exposed networks: The stakes of CISA’s sunset
Congress needs to reauthorize the information-sharing law and build a modernized framework for collaborative cyber defense. The post Expired protections, exposed networks: The stakes of CISA’s sunset appeared first on CyberScoop.
Dutch Teens Arrested for Allegedly Helping Russian Hackers
One of the two 17-year-old boys allegedly walked by law enforcement and embassy offices carrying a Wi-Fi sniffer. The post Dutch Teens Arrested for Allegedly Helping Russian Hackers appeared first on SecurityWeek.
Akira Ransomware’s Exploitation of SonicWall Vulnerability Continues
In one attack, the hackers leveraged the Datto RMM utility on a domain controller and various other legitimate tools to evade detection. The post Akira Ransomware’s Exploitation of SonicWall Vulnerability Continues appeared first on SecurityWeek.
Microsoft Flags AI-Driven Phishing: LLM-Crafted SVG Files Outsmart Email Security
Microsoft is calling attention to a new phishing campaign primarily aimed at U.S.-based organizations that has likely utilized code generated using large language models (LLMs) to obfuscate payloads and evade security defenses. "Appearing to be aided by a large language model (LLM), the activity obfuscated its behavior within an SVG file, leveraging business terminology and a synthetic structure
First Malicious MCP Server Found Stealing Emails in Rogue Postmark-MCP Package
Cybersecurity researchers have discovered what has been described as the first-ever instance of a malicious Model Context Protocol (MCP) server spotted in the wild, raising software supply chain risks. According to Koi Security, a legitimate-looking developer managed to slip in rogue code within an npm package called "postmark-mcp" that copied an official Postmark Labs library of the same name.
British Department Store Harrods Warns Customers That Some Personal Details Taken in Data Breach
Four people were arrested in July on suspicion of their involvement in cyberattacks against Harrods and two other leading British retail chains, Marks & Spencer and the Co-op and Harrods. The post British Department Store Harrods Warns Customers That Some Personal Details Taken in Data Breach appeared first on SecurityWeek.
China-Linked PlugX and Bookworm Malware Attacks Target Asian Telecom and ASEAN Networks
Telecommunications and manufacturing sectors in Central and South Asian countries have emerged as the target of an ongoing campaign distributing a new variant of a known malware called PlugX (aka Korplug or SOGU). "The new variant's features overlap with both the RainyDay and Turian backdoors, including abuse of the same legitimate applications for DLL side-loading, the
Friday Squid Blogging: Jigging for Squid
A nice story.
UN seeks to build consensus on ‘safe, secure and trustworthy’ AI
Secretary-General António Guterres said the organization is looking to “move from principles to practice” when it comes to setting global AI standards. The post UN seeks to build consensus on ‘safe, secure and trustworthy’ AI appeared first on CyberScoop.
Volvo Employee SSNs Stolen in Supplier Ransomware Attack
Three international vehicle manufacturers have fallen to supply chain cyberattacks in the past month alone.
Researchers Expose SVG and PureRAT Phishing Threats Targeting Ukraine and Vietnam
A new campaign has been observed impersonating Ukrainian government agencies in phishing attacks to deliver CountLoader, which is then used to drop Amatera Stealer and PureMiner. "The phishing emails contain malicious Scalable Vector Graphics (SVG) files designed to trick recipients into opening harmful attachments," Fortinet FortiGuard Labs researcher Yurren Wan said in a report shared with The
Researchers Expose Phishing Threats Distributing CountLoader and PureRAT
A new campaign has been observed impersonating Ukrainian government agencies in phishing attacks to deliver CountLoader, which is then used to drop Amatera Stealer and PureMiner. "The phishing emails contain malicious Scalable Vector Graphics (SVG) files designed to trick recipients into opening harmful attachments," Fortinet FortiGuard Labs researcher Yurren Wan said in a report shared with The
Iranian State Hackers Use SSL.com Certificates to Sign Malware
Security researchers say multiple threat groups, including Iran's Charming Kitten APT offshoot Subtle Snail, are deploying malware with code-signing certificates from the Houston-based company.
In Other News: LockBit 5.0, Department of War Cybersecurity Framework, OnePlus Vulnerability
Other noteworthy stories that might have slipped under the radar: Co-op lost 206 million due to cyberattack, South Korean credit card company hacked, Maryland Transit Administration ransomware attack. The post In Other News: LockBit 5.0, Department of War Cybersecurity Framework, OnePlus Vulnerability appeared first on SecurityWeek.
Worries mount over max-severity GoAnywhere defect
Forta, the vendor behind the file-transfer service software, has yet to report exploitation or address evidence of compromise. Independent researchers say otherwise. The post Worries mount over max-severity GoAnywhere defect appeared first on CyberScoop.
Interpol Says 260 Suspects in Online Romance Scams Have Been Arrested in Africa
The operation took place in July and August and focused on scams in which perpetrators build online romantic relationships to extract money from targets or blackmail them with explicit images, Interpol said. The post Interpol Says 260 Suspects in Online Romance Scams Have Been Arrested in Africa appeared first on SecurityWeek.
Prep is Underway, But 2026 FIFA World Cup Poses Significant Cyber Challenges
The world's most-popular sports contest starts in June 2026 across 16 venues in three countries: Securing the event infrastructure from cyber threats will require massive collaboration.
New COLDRIVER Malware Campaign Joins BO Team and Bearlyfy in Russia-Focused Cyberattacks
The Russian advanced persistent threat (APT) group known as COLDRIVER has been attributed to a fresh round of ClickFix-style attacks designed to deliver two new "lightweight" malware families tracked as BAITSWITCH and SIMPLEFIX. Zscaler ThreatLabz, which detected the new multi-stage ClickFix campaign earlier this month, described BAITSWITCH as a downloader that ultimately drops SIMPLEFIX, a
Microsoft Reduces Israel’s Access to Cloud and AI Products Over Reports of Mass Surveillance in Gaza
Microsoft has disabled services to a unit within the Israeli military after a company review had determined its AI and cloud computing products were being used to help carry out mass surveillance of Palestinians. The post Microsoft Reduces Israel’s Access to Cloud and AI Products Over Reports of Mass Surveillance in Gaza appeared first on SecurityWeek.
North Korea’s Fake Recruiters Feed Stolen Data to IT Workers
North Korean threat actors pose as recruiters to steal developers’ identities and supply them to fraudulent IT workers. The post North Korea’s Fake Recruiters Feed Stolen Data to IT Workers appeared first on SecurityWeek.
Crash Tests for Security: Why BAS Is Proof of Defense, Not Assumptions
Car makers don’t trust blueprints. They smash prototypes into walls. Again and again. In controlled conditions. Because design specs don’t prove survival. Crash tests do. They separate theory from reality. Cybersecurity is no different. Dashboards overflow with “critical” exposure alerts. Compliance reports tick every box. But none of that proves what matters most to a CISO: The
No Patches for Vulnerabilities Allowing Cognex Industrial Camera Hacking
Cognex is advising customers to transition to newer versions of its machine vision products. The post No Patches for Vulnerabilities Allowing Cognex Industrial Camera Hacking appeared first on SecurityWeek.
Digital Threat Modeling Under Authoritarianism
Today’s world requires us to make complex and nuanced decisions about our digital security. Evaluating when to use a secure messaging app like Signal or WhatsApp, which passwords to store on your smartphone, or what to share on social media requires us to assess risks and make judgments accordingly. Arriving at any conclusion is an exercise in threat modeling. In security, threat modeling is the process of determining...
Fortra GoAnywhere CVSS 10 Flaw Exploited as 0-Day a Week Before Public Disclosure
Cybersecurity company watchTowr Labs has disclosed that it has "credible evidence" of active exploitation of the recently disclosed security flaw in Fortra GoAnywhere Managed File Transfer (MFT) software as early as September 10, 2025, a whole week before it was publicly disclosed. "This is not 'just' a CVSS 10.0 flaw in a solution long favored by APT groups and ransomware operators – it is a
New macOS XCSSET Variant Targets Firefox with Clipper and Persistence Module
Cybersecurity researchers have discovered an updated version of a known Apple macOS malware called XCSSET that has been observed in limited attacks. "This new variant of XCSSET brings key changes related to browser targeting, clipboard hijacking, and persistence mechanisms," the Microsoft Threat Intelligence team said in a Thursday report. "It employs sophisticated encryption and obfuscation
Cisco Firewall Zero-Days Exploited in China-Linked ArcaneDoor Attacks
Leading to remote code execution and privilege escalation, the flaws were exploited on Cisco ASA 5500-X series devices that lack secure boot. The post Cisco Firewall Zero-Days Exploited in China-Linked ArcaneDoor Attacks appeared first on SecurityWeek.
Cisco ASA Firewall Zero-Day Exploits Deploy RayInitiator and LINE VIPER Malware
The U.K. National Cyber Security Centre (NCSC) has revealed that threat actors have exploited the recently disclosed security flaws impacting Cisco firewalls as part of zero-day attacks to deliver previously undocumented malware families like RayInitiator and LINE VIPER. "The RayInitiator and LINE VIPER malware represent a significant evolution on that used in the previous campaign, both in
CISA says it observed nearly year-old activity tied to Cisco zero-day attacks
The agency, which issued an emergency directive to federal agencies Thursday, said it took months to determine the root cause and mitigate the activity. The post CISA says it observed nearly year-old activity tied to Cisco zero-day attacks appeared first on CyberScoop.
Cisco's Wave of Actively Exploited Zero-Day Bugs Targets Firewalls, IOS
Patch now: Cisco recently disclosed four actively exploited zero-days affecting millions of devices, including three targeted by a nation-state actor previously discovered to be behind the "ArcaneDoor" campaign.
CISA alerts federal agencies of widespread attacks using Cisco zero-days
Cisco said it was investigating state-sponsored espionage attacks in May. CISA did not explain why it waited four months to issue an emergency directive. The post CISA alerts federal agencies of widespread attacks using Cisco zero-days appeared first on CyberScoop.
Chinese APT Drops 'Brickstorm' Backdoors on Edge Devices
The China-linked cyber-espionage group UNC5221 is compromising network appliances that cannot run traditional EDR agents to deploy new versions of the "Brickstorm" backdoor.
Urgent: Cisco ASA Zero-Day Duo Under Attack; CISA Triggers Emergency Mitigation Directive
Cisco is urging customers to patch two security flaws impacting the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software, which it said have been exploited in the wild. The zero-day vulnerabilities in question are listed below - CVE-2025-20333 (CVSS score: 9.9) - An improper validation of user-supplied input
Salesforce AI Agents Forced to Leak Sensitive Data
Yet again researchers have uncovered an opportunity (dubbed "ForcedLeak" for indirect prompt injection against autonomous agents lacking sufficient security controls — but this time the risk involves PII, corporate secrets, physical location data, and so much more.