Red Hat Hackers Team Up With Scattered Lapsus$ Hunters – Dark Reading
Crimson Collective, which recently breached the GitLab instance of Red Hat Consulting, has teamed up with the notorious cybercriminal collective. – Read More
2025
Unplug Gemini from email and calendars, says cybersecurity firm – CSO Online
CSOs should consider turning off Google Gemini access to employees’ Gmail and Google Calendars, because the chatbot is vulnerable to a form of prompt injection, says the head of a…
3 Extortion Gangs Join Forces in Ransomware ‘Cartel’ – Dark Reading
LockBit, Qilin, and DragonForce also invited other attackers to join their collaboration to share attack information and resources. – Read More
Figma MCP Server Opens Orgs to Agentic AI Compromise – Dark Reading
Patch now: A bug (CVE-2025-53967) in the popular Web design tool’s option for talking to agentic AI can lead to remote code execution (RCE). – Read More
Computer mice can eavesdrop on private conversations, researchers discover – CSO Online
High-end computer mice can be used to eavesdrop on the voice conversations of nearby PC users, researchers from the University of California, Irvine, have shown in a new proof-of-concept demonstration.…
Hackers Exploit WordPress Sites to Power Next-Gen ClickFix Phishing Attacks – The Hacker News
Cybersecurity researchers are calling attention to a nefarious campaign targeting WordPress sites to make malicious JavaScript injections that are designed to redirect users to sketchy sites. “Site visitors get injected…
China-Nexus Actors Weaponize ‘Nezha’ Open Source Tool – Dark Reading
A threat actor is putting a spin on classic remote monitoring and management (RMM) attacks, using a Chinese open source tool instead. – Read More
Chinese Hackers Weaponize Open-Source Nezha Tool in New Attack Wave – The Hacker News
Threat actors with suspected ties to China have turned a legitimate open-source monitoring tool called Nezha into an attack weapon, using it to deliver a known malware called Gh0st RAT…
Calling All Influencers: Spear-Phishers Dangle Tesla, Red Bull Jobs – Dark Reading
Wanna work for a hot brand? Cyberattackers continue to evolve lures for job seekers in an impersonation campaign aimed at stealing resumes from social media pros. – Read More
Open-source monitor turns into an off-the-shelf attack beacon – CSO Online
China-affiliated hackers have quietly turned a once-benign open-source network monitoring tool into a remote access beacon. According to new findings from cybersecurity firm Huntress, the attackers used log poisoning and…
LockBit, Qilin, and DragonForce Join Forces to Dominate the Ransomware Ecosystem – The Hacker News
Three prominent ransomware groups DragonForce, LockBit, and Qilin have announced a new strategic ransomware alliance, once underscoring continued shifts in the cyber threat landscape. The coalition is seen as an…
Salesforce AI agents set to assist enterprises with security and compliance – CSO Online
Salesforce has announced two new AI agents operating on its Agentforce platform: one agent that monitors activity, detects anomalies, and accelerates investigations and remediations in the Salesforce Security Center; and…
Step Into the Password Graveyard… If You Dare (and Join the Live Session) – The Hacker News
Every year, weak passwords lead to millions in losses — and many of those breaches could have been stopped. Attackers don’t need advanced tools; they just need one careless login.…
Severe Figma MCP Vulnerability Lets Hackers Execute Code Remotely — Patch Now – The Hacker News
Cybersecurity researchers have disclosed details of a now-patched vulnerability in the popular figma-developer-mcp Model Context Protocol (MCP) server that could allow attackers to achieve code execution. The vulnerability, tracked as…
Tech over cuts: How UK law firms are investing in efficiency, not redundancy – Legal Futures
Rising operational costs, growing client expectations for value and transparency, and economic uncertainty have left many firms questioning how best to adapt. The post Tech over cuts: How UK law…