Mideast, African Hackers Target Gov’ts, Banks, Small Retailers – Dark Reading
In the hotly political Middle East, you’d expect hacktivism and disruption of services. But retail attacks? – Read More
Cyber
Over 250 Magento Stores Hit Overnight as Hackers Exploit New Adobe Commerce Flaw – The Hacker News
E-commerce security company Sansec has warned that threat actors have begun to exploit a recently disclosed security vulnerability in Adobe Commerce and Magento Open Source platforms, with more than 250…
Critical Lanscope Endpoint Manager Bug Exploited in Ongoing Cyberattacks, CISA Confirms – The Hacker News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Motex Lanscope Endpoint Manager to its Known Exploited Vulnerabilities (KEV) catalog, stating it has…
Lazarus Group Hunts European Drone Manufacturing Data – Dark Reading
The campaign is the latest effort by the North Korean threat actor to collect data of strategic interest to Pyongyang. – Read More
6 Risk-Assessment-Frameworks im Vergleich – CSO Online
Mit dem richtigen Framework lassen sich Risiken besser ergründen. FOTOGRIN – shutterstock.com Für viele Geschäftsprozesse ist Technologie inzwischen unverzichtbar. Deshalb zählt diese auch zu den wertvollsten Assets eines Unternehmens. Leider…
Serious vulnerability found in Rust library – CSO Online
Developers creating projects in the Rust programming language, as well as IT leaders with Rust-based applications in their environments, should pay attention to a serious vulnerability found in one of…
Pwn2Own Underscores Secure Development Concerns – Dark Reading
Pwn2Own Ireland kicked off on Oct. 21 and what researchers found continued to highlight how secure development practices are lacking across the industry. – Read More
Prompt hijacking puts MCP-based AI workflows at risk – CSO Online
Model context protocol (MCP) gives IT teams a standardized way to connect large language models (LLMs) to tools and data sources when developing AI-based workflows. But security researchers warn that…
The Best End User Security Awareness Programs Aren’t About Awareness Anymore – Dark Reading
The goal is to apply psychology principles to security training to change behaviors and security outcomes. – Read More
It Takes Only 250 Documents to Poison Any AI Model – Dark Reading
Researchers find it takes far less to manipulate a large language model’s (LLM) behavior than anyone previously assumed. – Read More
Too Many Secrets: Attackers Pounce on Sensitive Data Sprawl – Dark Reading
Hardcoded credentials, access tokens, and API keys are ending up in the darnedest places, prompting a call for organizations to stop over-privileging secrets. – Read More
WhatsApp Secures Ban on NSO Group After 6-Year Legal Battle – Dark Reading
NSO Group must pay $4 million in damages and is permanently prohibited from reverse-engineering WhatsApp or creating new accounts after targeting users with spyware. – Read More
Canada Fines Cybercrime Friendly Cryptomus $176M – Krebs on Security
Financial regulators in Canada this week levied $176 million in fines against Cryptomus, a digital payments platform that supports dozens of Russian cryptocurrency exchanges and websites hawking cybercrime services. The…
Iran-Linked MuddyWater Targets 100+ Organisations in Global Espionage Campaign – The Hacker News
The Iranian nation-state group known as MuddyWater has been attributed to a new campaign that has leveraged a compromised email account to distribute a backdoor called Phoenix to various organizations…
Ukraine Aid Groups Targeted Through Fake Zoom Meetings and Weaponized PDF Files – The Hacker News
Cybersecurity researchers have disclosed details of a coordinated spear-phishing campaign dubbed PhantomCaptcha targeting organizations associated with Ukraine’s war relief efforts to deliver a remote access trojan that uses a WebSocket…