-
CISA and NCSC warn that FIRESTARTER, a Linux-based backdoor, targets Cisco Firepower devices, evades patches, and enables persistent access even after firmware updates.
·
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
ShinyHunters has leaked data linked to Udemy, Zara, and 7-Eleven, with claims of exposed Salesforce records and cloud-based systems.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
UNC6692 hackers exploit Microsoft Teams with fake IT alerts to deploy SNOW malware, steal credentials, and breach corporate networks in advanced attacks.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
New version of Vidar infostealer spreads via fake CAPTCHAs, hides in JPEG and TXT files, uses fileless attacks and steals browser, crypto wallet data.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft Entra Agent ID flaw allowed privilege escalation and tenant takeover via Service Principal abuse, now fully patched by Microsoft.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Research from Infoblox reveals a massive Click2SMS fraud scheme using fake CAPTCHAs and back button hijacking to trick victims into sending costly international texts.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Fake CAPTCHA ClickFix attack tricks users into running malicious commands, using cmdkey and regsvr32 to maintain persistence and avoid detection on Windows
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
GitGuardian uncovers TeamPCP attack on Bitwarden CLI, abusing GitHub Dependabot to spread Shai-Hulud and poison AI coding tools.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
New GoGra Linux malware linked to Harvester APT targets systems in South Asia, using fake PDFs and Microsoft APIs for covert command and control.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybersecurity researchers at Forcepoint uncover new indirect prompt injection attacks that use hidden website code to exploit AI assistants like GitHub Copilot.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
