The startup will use the investment to fuel global expansion of its agentless platform, including in Latin America. The post Memcyco Raises $37 Million for Anti-Impersonation Technology appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
Category: EN
PeckBirdy Framework Tied to China-Aligned Cyber Campaigns
PeckBirdy command-and-control framework targeting gambling, government sectors in Asia since 2023 has been linked to China-aligned APTs This article has been indexed from www.infosecurity-magazine.com Read the original article: PeckBirdy Framework Tied to China-Aligned Cyber Campaigns
Living Off the Web: How Fake Captcha Turned Trust Into a Malware Delivery Channel
Fake Captcha abuses trusted web interactions to deliver malware and evade traditional detection. The post Living Off the Web: How Fake Captcha Turned Trust Into a Malware Delivery Channel appeared first on eSecurity Planet. This article has been indexed from…
U.S. CISA adds Microsoft Office, GNU InetUtils, SmarterTools SmarterMail, and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Office, GNU InetUtils, SmarterTools SmarterMail, and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Microsoft Office, GNU InetUtils, SmarterTools SmarterMail, and Linux Kernel flaws…
AI Agents Are Booking Travel: How Businesses Can Enable Revenue & Minimize Risk
AI agents are booking travel at scale. Learn how to enable agentic commerce, stop agent hijacking and loyalty fraud, and protect your revenue. The post AI Agents Are Booking Travel: How Businesses Can Enable Revenue & Minimize Risk appeared first…
WhatsApp-Based Astaroth Banking Trojan Targets Brazilian Users in New Malware Campaign
A fresh look at digital threats shows malicious software using WhatsApp to spread the Astaroth banking trojan, mainly affecting people in Brazil. Though messaging apps are common tools for connection, they now serve attackers aiming to steal financial data.…
Cyber Briefing: 2026.01.27
Malicious Chrome and VS Code tools spread phishing, ClickFix abuses Windows, breach claims rise, AI content probes grow, and surveillance expands. This article has been indexed from CyberMaterial Read the original article: Cyber Briefing: 2026.01.27
Diverse Threat Actors Exploiting Critical WinRAR Vulnerability CVE-2025-8088
Introduction The Google Threat Intelligence Group (GTIG) has identified widespread, active exploitation of the critical vulnerability CVE-2025-8088 in WinRAR, a popular file archiver tool for Windows, to establish initial access and deliver diverse payloads. Discovered and patched in July 2025,…
Critical vm2 Flaw Lets Attackers Bypass Sandbox and Execute Arbitrary Code in Node.js
A critical vulnerability in the vm2 JavaScript sandbox library (versions ≤ 3.10.0) enables attackers to bypass sandbox protections and execute arbitrary code with full system privileges. The flaw exploits improper sanitization of Promise callback functions, allowing remote code execution without…
ShinyHunters Group Targets Over 100 Enterprises, Including Canva, Atlassian, and Epic Games
A surge in infrastructure deployment that mirrors the tactics of SLSH, a predatory alliance uniting three major threat actors: Scattered Spider, LAPSUS$, and ShinyHunters. A sophisticated identity-theft campaign has emerged, targeting Single Sign-On (SSO) platforms particularly Okta across more than…
CISA Urges Public to Stay Alert Against Rising Natural Disaster Scams
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical advisory alerting the public to heightened risks of malicious cyber activity targeting disaster victims. As natural disasters strike communities, threat actors capitalize on the chaos and emotional vulnerability of…
G_Wagon NPM Package Exploits Users to Steal Browser Credentials with Obfuscated Payload
A highly sophisticated infostealer malware disguised as a legitimate npm UI component library has been targeting developers through the ansi-universal-ui package. The malware, internally identified as “G_Wagon,” employs multi-stage obfuscation techniques to extract browser credentials, cryptocurrency wallets, cloud authentication keys,…
Attackers Hijack GitHub Desktop Repo to Spread Malware via Official Installer
Threat actors have successfully exploited a design flaw in GitHub’s fork architecture to distribute malware disguised as the legitimate GitHub Desktop installer. The attack chain begins with a deceptively simple but effective technique. Attackers create throwaway GitHub accounts and fork…
5 steps to approach BYOD compliance policies
<p>Endpoint usage policies must evolve as user behavior, device ownership models and regulatory expectations continue to shift. BYOD endpoints present especially complicated challenges for organizations, which have to ensure all endpoints meet data privacy and security regulations, despite not owning…
Over 100 Organizations Targeted in ShinyHunters Phishing Campaign
Domains set up by the threat actor suggest attacks aimed at Atlassian, Canva, Epic Games, HubSpot, Moderna, ZoomInfo, and WeWork. The post Over 100 Organizations Targeted in ShinyHunters Phishing Campaign appeared first on SecurityWeek. This article has been indexed from…
India Cracks Down on Grok’s AI Image Misuse
The Ministry of Electronics and Information Technology (MeitY) of India has found that the latest restrictions on Grok’s image generation tool by X are not adequate to prevent obscene content. The platform, owned by Elon Musk, restricted the controversial…
Looking Beyond the Hype Around AI Built Browser Projects
Cursor, the company that provides an artificial intelligence-integrated development environment, recently gained attention from the industry after suggesting that it had developed a fully functional browser using its own artificial intelligence agents, which is known as the Cursor AI-based development…
Tenable One AI Exposure delivers unified visibility and governance across AI, cloud and SaaS
Tenable announced general availability of Tenable One AI Exposure. With this release, the Tenable One Exposure Management Platform unifies AI protection, discovery and usage governance across the enterprise, including SaaS platforms, cloud services, APIs and agents. AI is deeply embedded…
Attackers use Windows App-V scripts to slip infostealer past enterprise defenses
A malware delivery campaign detailed by Blackpoint researchers employs an impressive array of tricks to deliver an infostealer to employees without triggering enterprise defenses or close examination by security researchers. The attackers aim to get the Amatera Stealer installed on…
ClickFix Attacks Expand Using Fake CAPTCHAs, Microsoft Scripts, and Trusted Web Services
Cybersecurity researchers have disclosed details of a new campaign that combines ClickFix-style fake CAPTCHAs with a signed Microsoft Application Virtualization (App-V) script to distribute an information stealer called Amatera. “Instead of launching PowerShell directly, the attacker uses this script to…