A Chinese APT has been infecting SOHO routers with the ShortLeash backdoor to build stealthy espionage infrastructure. The post Chinese APT Hacking Routers to Build Espionage Infrastructure appeared first on SecurityWeek.
Newly discovered spyware has sneaked into Apple’s App Store and Google Play to steal images from users’ mobile devices. The post Photo-Stealing Spyware Sneaks Into Apple App Store, Google Play appeared first on SecurityWeek.
The U.S. House of Representatives has formally banned congressional staff members from using WhatsApp on government-issued devices, citing security concerns. The development was first reported by Axios. The decision, according to the House Chief Administrative Officer (CAO), was motivated by worries about the app’s security. “The Office of Cybersecurity hasRead More »U.S. House Bans WhatsApp on Official Devices Over Security and Data Protection Issues
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new cyber attack campaign by the Russia-linked APT28 (aka UAC-0001) threat actors using Signal chat messages to deliver two new malware families dubbed BEARDSHELL and COVENANT. BEARDSHELL, per CERT-UA, is written in C++ and offers the ability toRead More »APT28 Uses Signal Chat to Deploy BEARDSHELL Malware and COVENANT in Ukraine
Tech support scammers are using sponsored ads and search parameter injection to trick users into calling them. The post Apple, Netflix, Microsoft Sites ‘Hacked’ for Tech Support Scams appeared first on SecurityWeek.
The Canadian Centre for Cyber Security and the U.S. Federal Bureau of Investigation (FBI) have issued an advisory warning of cyber attacks mounted by the China-linked Salt Typhoon actors to breach major global telecommunications providers as part of a cyber espionage campaign. The attackers exploited a critical Cisco IOS XERead More »China-linked Salt Typhoon Exploits Critical Cisco Vulnerability to Target Canadian Telecom
A single SQL injection bug in Anthropic’s SQLite MCP server—forked over 5,000 times—can seed stored prompts, exfiltrate data, and hand attackers the keys to entire agent workflows. This entry unpacks the attack chain and lays out concrete fixes to shut it down.
North Korean hackers employ social engineering to trick Zoom Meeting participants into executing system-takeover commands. The post North Korean Hackers Take Over Victims’ Systems Using Zoom Meeting appeared first on SecurityWeek.
A record-breaking data breach occurred, involving the exposure of 16 billion login credentials.
Cybersecurity researchers are calling attention to a new jailbreaking method called Echo Chamber that could be leveraged to trick popular large language models (LLMs) into generating undesirable responses, irrespective of the safeguards put in place. “Unlike traditional jailbreaks that rely on adversarial phrasing or character obfuscation, Echo Chamber weaponizes indirectRead More »Echo Chamber Jailbreak Tricks LLMs Like OpenAI and Google into Generating Harmful Content
