Security researchers are increasingly warning that cyberattacks no longer rely on obvious malware or suspicious downloads. Instead, many modern campaigns succeed by blending into routine, trusted workflows, the everyday actions people perform at work without…

Continue Reading

Have I Been Pwned, a security service website, has added CarGurus to its data breach database, confirming that the automotive marketplace was impacted by a data leak affecting over 12 million accounts. According to Have…

Continue Reading

SolarWinds has released Serv-U 15.5.4 with patches for multiple critical vulnerabilities as well as feature parity improvements in File Share amongst other updates. Serv-U is commonly deployed in managed file transfer contexts, which often sit…

Continue Reading

Mental health apps are increasingly handling data that looks a lot like medical records mood logs, CBT notes, medication schedules, and in some cases indicators of self-harm. And new research by mobile security firm Oversecured…

Continue Reading

Security teams have spent the last two years adapting to prompt injection and LLM data leakage. Now there’s a more operational threat emerging with the weaponizing of AI agent ecosystems and using the agent as…

Continue Reading

Security researchers at Socket‘s Threat Research have uncovered a new supply-chain attack that blends typosquatting, credential theft, and emerging attacks on AI-assisted developer tooling. The campaign, tracked as SANDWORM_MODE, is being described as a worm-like…

Continue Reading

Hackers are abusing Facebook’s advertising platform to distribute fake Windows 11 download pages that deliver credential-stealing malware instead of legitimate updates. In a Malwarebytes security report, campaigns were found using paid Facebook ads designed to…

Continue Reading