Cyberattack Targets International Criminal Court
The International Criminal Court (ICC) has detected and contained a sophisticated and targeted cyberattack. The post Cyberattack Targets International Criminal Court appeared first on SecurityWeek.
Qantas Data Breach Impacts Up to 6 Million Customers
Australian airline Qantas says personal information stolen from systems hosting the service records of 6 million customers. The post Qantas Data Breach Impacts Up to 6 Million Customers appeared first on SecurityWeek.
Vercel’s v0 AI Tool Weaponized by Cybercriminals to Rapidly Create Fake Login Pages at Scale
Unknown threat actors have been observed weaponizing v0, a generative artificial intelligence (AI) tool from Vercel, to design fake sign-in pages that impersonate their legitimate counterparts. “This observation signals a new evolution in the weaponization of Generative AI by threat actors who have demonstrated an ability to generate a functionalRead More »Vercel’s v0 AI Tool Weaponized by Cybercriminals to Rapidly Create Fake Login Pages at Scale
Critical Vulnerability in Anthropic’s MCP Exposes Developer Machines to Remote Exploits
Cybersecurity researchers have discovered a critical security vulnerability in artificial intelligence (AI) company Anthropic’s Model Context Protocol (MCP) Inspector project that could result in remote code execution (RCE) and allow an attacker to gain complete access to the hosts. The vulnerability, tracked as CVE-2025-49596, carries a CVSS score of 9.4Read More »Critical Vulnerability in Anthropic’s MCP Exposes Developer Machines to Remote Exploits
TA829 and UNK_GreenSec Share Tactics and Infrastructure in Ongoing Malware Campaigns
Cybersecurity researchers have flagged the tactical similarities between the threat actors behind the RomCom RAT and a cluster that has been observed delivering a loader dubbed TransferLoader. Enterprise security firm Proofpoint is tracking the activity associated with TransferLoader to a group dubbed UNK_GreenSec and the RomCom RAT actors under theRead More »TA829 and UNK_GreenSec Share Tactics and Infrastructure in Ongoing Malware Campaigns
Were 16B Passwords Breached? The Claim Is Called Into Question
Research indicated that 16 billion passwords were exposed in what was reportedly the world’s largest data breach to date — however, some experts are questioning these claims.
PowerSchool Education Technology Company Announces Data Breach
PowerSchool, a California-based education technology company, recently announced a data breach that occurred between December 19 and December 28, 2024.
Could Increased MOVEit Transfer Scanning Signal Emerging Threat Activity?
An increase in scanning activity targeted MOVEit Transfer systems may indicate emerging threat activity.
New Flaw in IDEs Like Visual Studio Code Lets Malicious Extensions Bypass Verified Status
A new study of integrated development environments (IDEs) like Microsoft Visual Studio Code, Visual Studio, IntelliJ IDEA, and Cursor has revealed weaknesses in how they handle the extension verification process, ultimately enabling attackers to execute malicious code on developer machines. “We discovered that flawed verification checks in Visual Studio CodeRead More »New Flaw in IDEs Like Visual Studio Code Lets Malicious Extensions Bypass Verified Status
Critical Microsens Product Flaws Allow Hackers to Go ‘From Zero to Hero’
CISA has informed organizations about critical authentication bypass and remote code execution vulnerabilities in Microsens NMP Web+. The post Critical Microsens Product Flaws Allow Hackers to Go ‘From Zero to Hero’ appeared first on SecurityWeek.