Attacks that target users in their web browsers have seen an unprecedented rise in recent years. In this article, we’ll explore what a “browser-based attack” is, and why they’re proving to be so effective. What is a browser-based attack? First, it’s important to establish what a browser-based attack is. InRead More »6 Browser-Based Attacks Security Teams Need to Prepare For Right Now
In a world where threats are persistent, the modern CISO’s real job isn’t just to secure technology—it’s to preserve institutional trust and ensure business continuity. This week, we saw a clear pattern: adversaries are targeting the complex relationships that hold businesses together, from supply chains to strategic partnerships. With newRead More »⚡ Weekly Recap: Bootkit Malware, AI-Powered Attacks, Supply Chain Breaches, Zero-Days & More
The cybercrime groups tracked as UNC6040 and UNC6395 have been extorting organizations after stealing data from their Salesforce instances. The post FBI Shares IoCs for Recent Salesforce Intrusion Campaigns appeared first on SecurityWeek.
Attaullah Baig, WhatsApp’s former head of security, has filed a whistleblower lawsuit alleging that Facebook deliberately failed to fix a bunch of security flaws, in violation of its 2019 settlement agreement with the Federal Trade Commission. The lawsuit, alleging violations of the whistleblower protection provision of the Sarbanes-Oxley Act passedRead More »Lawsuit About WhatsApp Security
Powerful companies typically combine traditional lobbying and strategies used by civil society organizations when regulatory pressures threaten their core business model. The post Google Launched Behind-the-Scenes Campaign Against California Privacy Legislation; It Passed Anyway appeared first on SecurityWeek.
Introduction In this article, we explore how the Model Context Protocol (MCP) — the new “plug-in bus” for AI assistants — can be weaponized as a supply chain foothold. We start with a primer on MCP, map out protocol-level and supply chain attack paths, then walk through a hands-on proofRead More »Shiny tools, shallow checks: how the AI hype opens the door to malicious MCP servers
Two years after the fact, Fairmont Federal Credit Union tells customers their personal, financial, and medical information was compromised. The post West Virginia Credit Union Notifying 187,000 People Impacted by 2023 Data Breach appeared first on SecurityWeek.
Reported by Meta and WhatsApp, the vulnerability leads to remote code execution and was likely exploited by a spyware vendor. The post Samsung Patches Zero-Day Exploited Against Android Users appeared first on SecurityWeek.
A new artificial intelligence (AI)-powered penetration testing tool linked to a China-based company has attracted nearly 11,000 downloads on the Python Package Index (PyPI) repository, raising concerns that it could be repurposed by cybercriminals for malicious purposes. Dubbed Villager, the framework is assessed to be the work of Cyberspike, whichRead More »AI-Powered Villager Pen Testing Tool Hits 11,000 PyPI Downloads Amid Abuse Concerns
Chinese-speaking users are the target of a search engine optimization (SEO) poisoning campaign that uses fake software sites to distribute malware. “The attackers manipulated search rankings with SEO plugins and registered lookalike domains that closely mimicked legitimate software sites,” Fortinet FortiGuard Labs researcher Pei Han Liao said. “By using convincingRead More »HiddenGh0st, Winos and kkRAT Exploit SEO, GitHub Pages in Chinese Malware Attacks
