Noteworthy stories that might have slipped under the radar: Microsoft investigates whether the ToolShell exploit was leaked via MAPP, two reports on port cybersecurity, physical backdoor used for ATM hacking attempt. The post In Other News: Microsoft Probes ToolShell Leak, Port Cybersecurity, Raspberry Pi ATM Hack appeared first on SecurityWeek.
Cybersecurity researchers have detailed a new cluster of activity where threat actors are impersonating enterprises with fake Microsoft OAuth applications to facilitate credential harvesting as part of account takeover attacks. “The fake Microsoft 365 applications impersonate various companies, including RingCentral, SharePoint, Adobe, and Docusign,” Proofpoint said in a Thursday report.Read More »Attackers Use Fake OAuth Apps with Tycoon Kit to Breach Microsoft 365 Accounts
A new report provides a comprehensive look at the value of Certified Ethical Hacker (CEH) credentials.
Valid, complete reports detailing remote code execution or elevation of privilege bugs in .NET qualify for the maximum rewards. The post Microsoft Boosts .NET Bounty Program Rewards to $40,000 appeared first on SecurityWeek.
Russian state-sponsored APT Secret Blizzard has used ISP-level AitM attacks to infect diplomatic devices with malware. The post Russian Cyberspies Target Foreign Embassies in Moscow via AitM Attacks: Microsoft appeared first on SecurityWeek.
Cybersecurity researchers have flagged a malicious npm package that was generated using artificial intelligence (AI) and concealed a cryptocurrency wallet drainer. The package, @kodane/patch-manager, claims to offer “advanced license validation and registry optimization utilities for high-performance Node.js applications.” It was uploaded to npm by a user named “Kodane” on JulyRead More »AI-Generated Malicious npm Package Drains Solana Funds from 1,500+ Before Takedown
Airportr is a service that allows passengers to have their luggage picked up, checked, and delivered to their destinations. As you might expect, it’s used by wealthy or important people. So if the company’s website is insecure, you’d be able to spy on lots of wealthy or important people. AndRead More »Spying on People Through Airportr Luggage Delivery Service
Just as triathletes know that peak performance requires more than expensive gear, cybersecurity teams are discovering that AI success depends less on the tools they deploy and more on the data that powers them The junk food problem in cybersecurity Imagine a triathlete who spares no expense on equipment—carbon fiberRead More »You Are What You Eat: Why Your AI Security Tools Are Only as Strong as the Data You Feed Them
Safe has raised $70 million in Series C funding to advance cyber risk management through specialized AI agents. The post Cyber Risk Management Firm Safe Raises $70 Million appeared first on SecurityWeek.
Echo received funding for creating thousands of container images that are not affected by any CVE, for enterprise-grade software infrastructure. The post Echo Raises $15M in Seed Funding for Vulnerability-Free Container Images appeared first on SecurityWeek.
