A team of academics has devised a novel attack that can be used to downgrade a 5G connection to a lower generation without relying on a rogue base station (gNB). The attack, per the ASSET (Automated Systems SEcuriTy) Research Group at the Singapore University of Technology and Design (SUTD), reliesRead More »New Sni5Gect Attack Crashes Phones and Downgrades 5G to 4G without Rogue Base Station
A new report reveals a disconnect between the organizational use of AI and AI security.
Building secure AI agent systems requires a disciplined engineering approach focused on deliberate architecture and human oversight. The post Beyond the Prompt: Building Trustworthy Agent Systems appeared first on SecurityWeek.
The cybersecurity community on Reddit responded in disbelief this month when a self-described Air National Guard member with top secret security clearance began questioning the arrangement they’d made with company called DSLRoot, which was paying $250 a month to plug a pair of laptops into the Redditor’s high-speed Internet connectionRead More »DSLRoot, Proxies, and the Threat of ‘Legal Botnets’
Cybersecurity researchers are calling attention to a sophisticated social engineering campaign that’s targeting supply chain-critical manufacturing companies with an in-memory malware dubbed MixShell. The activity has been codenamed ZipLine by Check Point Research. “Instead of sending unsolicited phishing emails, attackers initiate contact through a company’s public ‘Contact Us’ form, tricking
The personal information of many individuals was stolen from Healthcare Services Group’s computer systems in 2024. The post Healthcare Services Group Data Breach Impacts 624,000 appeared first on SecurityWeek.
A critical vulnerability in Docker Desktop allows attackers to modify the filesystem of Windows hosts to become administrators. The post Docker Desktop Vulnerability Leads to Host Compromise appeared first on SecurityWeek.
I wrote about this in 2023. Here’s the story: Three Dutch security analysts discovered the vulnerabilities—five in total—in a European radio standard called TETRA (Terrestrial Trunked Radio), which is used in radios made by Motorola, Damm, Hytera, and others. The standard has been used in radios since the ’90s, butRead More »Encryption Backdoor in Military/Police Radios
A new large-scale campaign has been observed exploiting over 100 compromised WordPress sites to direct site visitors to fake CAPTCHA verification pages that employ the ClickFix social engineering tactic to deliver information stealers, ransomware, and cryptocurrency miners. The large-scale cybercrime campaign, first detected in August 2025, has been codenamed ShadowCaptchaRead More »ShadowCaptcha Exploits WordPress Sites to Spread Ransomware, Info Stealers, and Crypto Miners
Researchers show how popular AI systems can be tricked into processing malicious instructions by hiding them in images. The post AI Systems Vulnerable to Prompt Injection via Image Scaling Attack appeared first on SecurityWeek.
