AI Trust Score Ranks LLM Security – Dark Reading
Startup Tumeryk’s State of AI Trust finds Google Gemini Pro 2.5 as the most trustworthy with ChatGPT-4 Mini a close second, while DeepSeek and Alibaba Qwen scoring lowest. – Read…
Cyber
Microsoft Patches 137 CVEs in July, But No Zero-Days – Dark Reading
Some 17 of the bugs are at high risk for exploits, including multiple remote code execution bugs in Office and SharePoint. – Read More
Malicious Open Source Packages Spike 188% YoY – Dark Reading
Data exfiltration was the most common malware in Sonatype report, with more than 4,400 packages designed to steal secrets, personally identifiable information, credentials, and API tokens. – Read More
Suspected Hacker Linked to Silk Typhoon Arrested in Milan – Dark Reading
The alleged Chinese state-sponsored hacker faces multiple charges, including wire fraud, aggravated identity theft, and unauthorized access to protected computers. – Read More
Hackers Use Leaked Shellter Tool License to Spread Lumma Stealer and SectopRAT Malware – The Hacker News
In yet another instance of threat actors repurposing legitimate tools for malicious purposes, it has been discovered that hackers are exploiting a popular red teaming tool called Shellter to distribute…
Anatsa Android Banking Trojan Hits 90,000 Users with Fake PDF App on Google Play – The Hacker News
Cybersecurity researchers have discovered an Android banking malware campaign that has leveraged a trojan named Anatsa to target users in North America using malicious apps published on Google’s official app…
Hackers ‘Shellter’ Various Stealers in Red Team Tool to Evade Detection – Dark Reading
Researchers have uncovered multiple campaigns spreading Lumma, Arechclient2, and Rhadamanthys malware by leveraging key features of the AV/EDR evasion framework. – Read More
4 Critical Steps in Advance of 47-Day SSL/TLS Certificates – Dark Reading
With certificate lifespans set to shrink by 2029, IT teams need to spend the next 100 days planning in order to avoid operational disruptions. – Read More
ClickFix-Attacken bedrohen Unternehmenssicherheit – CSO Online
Cyberkriminelle greifen immer häufiger auf ClickFix-Angriffe zurück. NAJA x -shutterstock.com Weniger bekannt als Phishing ist die Social-Engineering-Methode ClickFix. Ziel solcher Attacken ist es, die Opfer dazu zu bewegen, bösartige Befehle…
Malicious Pull Request Targets 6,000+ Developers via Vulnerable Ethcode VS Code Extension – The Hacker News
Cybersecurity researchers have flagged a supply chain attack targeting a Microsoft Visual Studio Code (VS Code) extension called Ethcode that has been installed a little over 6,000 times. The compromise,…
Checking for Fraud: Texas Community Bank Nips Check Fraud in the Bud – Dark Reading
Within months of implementing anti-fraud measures and automation, Texas National Bank prevented more than $300,000 in check fraud. – Read More
How a 12-year-old bug in Sudo is still haunting Linux users – CSO Online
Two new vulnerabilities have been found in Sudo, a privileged command-line tool installed on Linux systems, that can allow privilege escalation and unintended command execution on affected Ubuntu and Debian…
5 Ways Identity-based Attacks Are Breaching Retail – The Hacker News
From overprivileged admin roles to long-forgotten vendor tokens, these attackers are slipping through the cracks of trust and access. Here’s how five retail breaches unfolded, and what they reveal about……
The trust crisis in the cloud…and why blockchain deserves a seat at the table – CSO Online
As a cybersecurity consultant guiding organizations across the globe through digital transformation, I’ve observed one recurring pattern: We place immense trust in cloud services without fully questioning the fragility of…
RondoDox Botnet Exploits Flaws in TBK DVRs and Four-Faith Routers to Launch DDoS Attacks – The Hacker News
Cybersecurity researchers are calling attention to a malware campaign that’s targeting security flaws in TBK digital video recorders (DVRs) and Four-Faith routers to rope the devices into a new botnet…