Nimble ‘Gunra’ Ransomware Evolves With Linux Variant – Dark Reading
The emerging cybercriminal gang, which initially targeted Microsoft Windows systems, is looking to go cross-platform using sophisticated, multithread encryption. – Read More
Cyber
Google patches Gemini CLI tool after prompt injection flaw uncovered – CSO Online
It’s barely been out for a month and already security researchers have discovered a prompt injection vulnerability in Google’s Gemini command line interface (CLI) AI agent that could be exploited…
Wiz Uncovers Critical Access Bypass Flaw in AI-Powered Vibe Coding Platform Base44 – The Hacker News
Cybersecurity researchers have disclosed a now-patched critical security flaw in a popular vibe coding platform called Base44 that could allow unauthorized access to private applications built by its users. “The…
PyPI Warns of Ongoing Phishing Campaign Using Fake Verification Emails and Lookalike Domain – The Hacker News
The maintainers of the Python Package Index (PyPI) repository have issued a warning about an ongoing phishing attack that’s targeting users in an attempt to redirect them to fake PyPI…
Critical Flaw in Vibe-Coding Platform Base44 Exposed Apps – Dark Reading
A now-patched authentication issue on the popular vibe-coding platform gave unauthorized users open access to any private application on Base44. – Read More
The Hidden Threat of Rogue Access – Dark Reading
With the right IGA tools, governance policies, and risk thresholds, enterprises can continuously detect and act on rogue access before attackers do. – Read More
Chaos RaaS Emerges After BlackSuit Takedown, Demanding $300K from U.S. Victims – The Hacker News
A newly emerged ransomware-as-a-service (RaaS) gang called Chaos is likely made up of former members of the BlackSuit crew, as the latter’s dark web infrastructure has been the subject of…
Supply Chain Attacks Spotted in GitHub Actions, Gravity Forms, npm – Dark Reading
Researchers discovered backdoors, poisoned code, and malicious commits in some of the more popular tool developers, jeopardizing software supply chains. – Read More
Auto-Color RAT targets SAP NetWeaver bug in an advanced cyberattack – CSO Online
Threat actors recently tried to exploit a freshly patched max-severity SAP Netweaver flaw to deploy a persistent Linux remote access trojan (RAT) “Auto-Color.” According to a Darktrace report, a recent…
How the Browser Became the Main Cyber Battleground – The Hacker News
Until recently, the cyber attacker methodology behind the biggest breaches of the last decade or so has been pretty consistent: Compromise an endpoint via software exploit, or social engineering a…
Cybercriminals Use Fake Apps to Steal Data and Blackmail Users Across Asia’s Mobile Networks – The Hacker News
Cybersecurity researchers have discovered a new, large-scale mobile malware campaign that’s targeting Android and iOS platforms with fake dating, social networking, cloud storage, and car service apps to steal sensitive…
Why React Didn’t Kill XSS: The New JavaScript Injection Playbook – The Hacker News
React conquered XSS? Think again. That’s the reality facing JavaScript developers in 2025, where attackers have quietly evolved their injection techniques to exploit everything from prototype pollution to AI-generated code,…
Cybersicherheitsausgaben wachsen langsamer – CSO Online
Die Ausgaben steigen weltweit, in Deutschland aber mit leichter Delle. PeopleImages.com – Yuri A Viele Unternehmen haben bereits realisiert, wie wichtig Investitionen in Cybersicherheit sind und erhöhen dementsprechend ihre Ausgaben…
Ermittler stoppen Erpresser-Software von Blacksuit/Royal – CSO Online
Die Angreifer verschlüsseln Daten nicht nur, sondern stehlen diese vorher. AIBooth – shutterstock.com Fast 200 Opfer und ein Millionenschaden: Internationalen Ermittlern ist ein Schlag gegen weltweit agierende cyberkriminelle Erpresser gelungen.…
Nach Flugausfällen sprechen Hacker und Kreml von Angriff – CSO Online
Im Kreml spricht man von alarmierenden Nachrichten. FOTOGRIN – shutterstock.com In Moskau sind nach einem mutmaßlichen Angriff proukrainischer Hackergruppen Dutzende Flüge ausgefallen. Die staatliche russische Fluggesellschaft Aeroflot sprach zunächst von…