A new campaign orchestrated by a previously undocumented threat actor has targeted cryptocurrency organizations with an aim to facilitate digital asset theft using recruitment-themed social engineering and bespoke macOS malware. “These campaigns leveraged sophisticated social engineering techniques, custom macOS malware, and deep targeting of CI/CD infrastructure,” Wiz researchers Shira Ayal,
Cybercriminals are targeting law firms with social engineering tactics.
The speech is the latest in a string of warnings from intelligence experts that Russia is stepping up hostile activity in a “gray zone” that falls just below the threshold of war. The post UK Cyberspying Chief Calls AI ‘an Unstoppable Force’ and Warns About Russia appeared first on SecurityWeek.
Latin America and Europe become the target of two banking trojan campaigns that are designed to infect Windows and Android devices with Grandoreiro and BTMOB malware, respectively. That’s according to new findings from WatchGuard and ESET, which have observed the two malware families being used to single out companies inRead More »Grandoreiro Malware and BTMOB RAT Campaigns Target Windows and Android Users
Cybersecurity researchers have discovered a new malicious package on the npm registry that comes with information stealing capabilities. According to OX Security, the package, named “mouse5212-super-formatter,” is designed to upload files from “/mnt/user-data,” a dedicated directory used by Anthropic’s Claude artificial intelligence (AI) tool to handle uploads and outputs inRead More »Malicious npm Package Stole Files From Claude AI User Directory via GitHub
Windows users are the primary target of a new phishing threat.
Novee researchers discovered an account takeover vulnerability in the open source CFP management tool Pretalx. The post Vulnerability in Popular Conference Software Granted Attackers a 100% Talk Acceptance Rate appeared first on SecurityWeek.
Learn how to secure Microsoft IIS with practical hardening best practices, attacker-focused insights, and continuous validation strategies. This guide covers common IIS misconfigurations, real-world exploitation techniques, and how to protect web applications running on IIS servers. Read more The post IIS security best practices: How to secure an IIS serverRead More »IIS security best practices: How to secure an IIS server and web applications
The 2025 Internet Crime Report was published a few weeks ago, but I only just saw it. Lots of interesting statistics. Press release. News articles.
When an employee installs an AI writing assistant, connects a coding copilot to their IDE, or starts summarizing meetings with a new browser tool, they are doing exactly what a productive employee should do: finding faster ways to work. Across most organizations today, employees are running three to five AIRead More »5 Steps to Managing Shadow AI Tools Without Slowing Down Employees
