How recruitment fraud turned cloud IAM into a $2 billion attack surface

Adversaries weaponized recruitment fraud to steal cloud credentials, pivot through IAM misconfigurations, and reach AI ...
DL News

Ethereum Foundation awards $50,000 to researchers who identified ‘high-severity’ attack vector

Ethereum Foundation awarded its maximum bounty for finding a bug. Trust Security identified an attack vector in ERC4337. The ...
MIT Technology Review

Rules fail at the prompt, succeed at the boundary

Put rules at the capability boundary: Use policy engines, identity systems, and tool permissions to determine what the agent ...
JD Supra

Ransomware: What You Need to Know as Attacks, Regulation and Enforcement Increase

Ransomware attacks continue to evolve in sophistication, disrupting operations and commanding the urgent attention of regulators, law enforcement ...
CSOonline

Contagious Interview turns VS Code into an attack vector

Threat actors behind the campaign are abusing Microsoft Visual Studio Code’s trusted workflows to execute and persist malicious code. Threat actors behind the long-running Contagious Interview ...
Dark Reading

Google Gemini Flaw Turns Calendar Invites Into Attack Vector

Researchers have uncovered a prompt injection vulnerability in Google's application ecosystem that allows attackers to gain access to sensitive data via its Gemini generative artificial intellience ...
CoinTelegraph

Traveling? ‘Evil Twin’ WiFi networks can steal crypto passwords

That free cafe WiFi can look mighty tempting, but it could also be a trap. Here's what to look out for. Imagine you’ve just gotten off a 16-hour flight. You’re red-eyed and irritable, but you need to ...
thecyberexpress

Stolen VPN Credentials Most Common Ransomware Attack Vector

Compromised VPN credentials are the most common initial access vector for ransomware attacks, according to a new report. Nearly half of ransomware attacks in the third quarter abused compromised VPN ...
Microsoft

Phishing actors exploit complex routing and misconfigurations to spoof domains

Phishing actors are exploiting complex routing scenarios and misconfigured spoof protections to effectively spoof organizations’ domains and deliver phishing emails that appear, superficially, to have ...
The New York Times

Trump’s Attack on Venezuela Is Illegal and Unwise

The editorial board is a group of opinion journalists whose views are informed by expertise, research, debate and certain longstanding values. It is separate from the newsroom. Over the past few ...
ZDNet

How OpenAI is defending ChatGPT Atlas from attacks now - and why safety's not guaranteed

OpenAI built an "automated attacker" to test Atlas' defenses. The qualities that make agents useful also make them vulnerable. AI security will be a game of cat and mouse for a long time. OpenAI is ...
Bleeping Computer

Romanian water authority hit by ransomware attack over weekend

Romanian Waters (Administrația Națională Apele Române), the country's water management authority, was hit by a ransomware attack over the weekend. Officials with the National Cyber Security ...