New ZuRu Malware Variant Targeting Developers
A new report reveals new artifacts associated with ZuRu, an Apple macOS malware.
State-Backed HazyBeacon Malware Uses AWS Lambda to Steal Data from SE Asian Governments
Governmental organizations in Southeast Asia are the target of a new campaign that aims to collect sensitive information by means of a previously undocumented Windows backdoor dubbed HazyBeacon. The activity is being tracked by Palo Alto Networks Unit 42 under the moniker CL-STA-1020, where “CL” stands for “cluster” and “STA”Read More »State-Backed HazyBeacon Malware Uses AWS Lambda to Steal Data from SE Asian Governments
Securing Agentic AI: How to Protect the Invisible Identity Access
AI agents promise to automate everything from financial reconciliations to incident response. Yet every time an AI agent spins up a workflow, it has to authenticate somewhere; often with a high-privilege API key, OAuth token, or service account that defenders can’t easily see. These “invisible” non-human identities (NHIs) now outnumberRead More »Securing Agentic AI: How to Protect the Invisible Identity Access
AsyncRAT’s Open-Source Code Sparks Surge in Dangerous Malware Variants Across the Globe
Cybersecurity researchers have charted the evolution of a widely used remote access trojan called AsyncRAT, which was first released on GitHub in January 2019 and has since served as the foundation for several other variants. “AsyncRAT has cemented its place as a cornerstone of modern malware and as a pervasiveRead More »AsyncRAT’s Open-Source Code Sparks Surge in Dangerous Malware Variants Across the Globe
Zip Security Raises $13.5 Million in Series A Funding
Zip Security’s Series A funding round led by Ballistic Ventures will help the company grow its engineering and go-to-market teams. The post Zip Security Raises $13.5 Million in Series A Funding appeared first on SecurityWeek.
Ransomware Group Claims Attack on Belk
DragonForce says it stole more than 150 gigabytes of data from US department store chain Belk in a May cyberattack. The post Ransomware Group Claims Attack on Belk appeared first on SecurityWeek.
North Korean Hackers Flood npm Registry with XORIndex Malware in Ongoing Attack Campaign
The North Korean threat actors linked to the Contagious Interview campaign have been observed publishing another set of 67 malicious packages to the npm registry, underscoring ongoing attempts to poison the open-source ecosystem via software supply chain attacks. The packages, per Socket, have attracted more than 17,000 downloads, and incorporateRead More »North Korean Hackers Flood npm Registry with XORIndex Malware in Ongoing Attack Campaign
MITRE Unveils AADAPT Framework to Tackle Cryptocurrency Threats
The MITRE AADAPT framework provides documentation for identifying, investigating, and responding to weaknesses in digital asset payments. The post MITRE Unveils AADAPT Framework to Tackle Cryptocurrency Threats appeared first on SecurityWeek.
Sesame Workshop Regains Control of Elmo’s Hacked X Account After Racist Posts
The account was compromised over the weekend and Elmo’s 650,000 followers were given antisemitic threats and a reference to the Jeffrey Epstein investigation. The post Sesame Workshop Regains Control of Elmo’s Hacked X Account After Racist Posts appeared first on SecurityWeek.
DOGE Denizen Marko Elez Leaked API Key for xAI
Marko Elez, a 25-year-old employee at Elon Musk’s Department of Government Efficiency (DOGE), has been granted access to sensitive databases at the U.S. Social Security Administration, the Treasury and Justice departments, and the Department of Homeland Security. So it should fill all Americans with a deep sense of confidence toRead More »DOGE Denizen Marko Elez Leaked API Key for xAI