AI company Anthropic has uncovered alarming evidence that cybercriminals are weaponizing artificial intelligence tools for sophisticated criminal operations. The company’s recent investigation revealed three particularly concerning applications of its Claude AI: large-scale extortion campaigns, fraudulent recruitment schemes linked to…
AdaptixC2 Raises Security Alarms Amid Active Use in Cyber Incidents
During this time, when digital resilience has become more important than digital innovation, there is an increasing gap between strengthened defences and the relentless adaptability of cybercriminals, which is becoming increasingly evident as we move into the next decade.…
Jaguar Land Rover Cyberattack Breaches Data and Halts Global Production
Jaguar Land Rover (JLR), the UK’s largest automaker and a subsidiary of Tata Motors, has confirmed that the recent cyberattack on its systems has not only disrupted global operations but also resulted in a data breach. The company revealed during…
IT Security News Hourly Summary 2025-09-11 15h : 14 posts
14 posts were published in the last hour 13:5 : When AI chatbots leak and how it happens 13:4 : Wyden Asks FTC to Investigate Microsoft’s ‘Gross Cybersecurity Negligence’ 13:4 : Chinese APT Actor Compromises Military Firm with Novel Fileless…
Android’s App Freedom Shrinks As Google Tightens Rules
For years, the Android vs. iOS debate has centered around one key argument: freedom of choice. Nothing highlighted this more than sideloading apps. “But iOS is a walled garden. Apple controls what you can and can’t install on your…
Box Shield Pro monitors AI workflows and sensitive data
Box announced Box Shield Pro, a new suite of security capabilities powered by AI, that builds on the company’s flagship content protection solution, Box Shield. With Box Shield Pro, customers can automatically apply AI-driven classification, accelerate threat response with agentic…
N-able’s Cat-MIP standardizes terminology for AI automation
N-able has introduced Cat-MIP, a solution designed to standardize and document terminology for AI automation and MCP Server behaviors across MSP and IT ecosystems. This breakthrough enables IT service providers to harness AI more effectively for enhanced business and cybersecurity…
UK Rail Operator LNER Confirms Cyber Attack Exposing Passenger Data
LNER cyber attack exposes passenger contact details and journey data. No financial information or passwords were taken, but… This article has been indexed from Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto Read the original article: UK Rail…
Angular SSR Vulnerability Allows Attackers to Access Sensitive Data
A high vulnerability in Angular’s server-side rendering (SSR) feature can lead to sensitive data exposure when multiple requests are handled at the same time. This flaw, tracked as CVE-2025-59052, stems from a global race condition in the platform injector that…
OWASP Top 10 Non-Human Identity Risks for 2025: What You Need to Know
The Open Worldwide Application Security Project, OWASP, has just released its top 10 non-human identities risks for 2025. While other OWASP resources broadly address application and API security, none focus specifically on the unique challenges of NHIs. This new document…
Anthropic’s Claude AI Weaponized in $500K Cybercrime Spree
An unprecedented breach turned Claude into a cybercriminal, highlighting the risks of autonomous AI. The post Anthropic’s Claude AI Weaponized in $500K Cybercrime Spree appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read the original…
Senator blasts Microsoft for ‘dangerous, insecure software’ that helped pwn US hospitals
Ron Wyden urges FTC to probe failure to secure Windows after attackers used Kerberoasting to cripple Ascension Microsoft is back in the firing line after US Senator Ron Wyden accused Redmond of shipping “dangerous, insecure software” that helped cybercrooks cripple…
Critical Chrome Vulnerability Earns Researcher $43,000
Google patched a critical use-after-free vulnerability in Chrome that could potentially lead to code execution. The post Critical Chrome Vulnerability Earns Researcher $43,000 appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Critical Chrome…
Permiso Uncovers Unicode Technique to Compromise Microsoft Exchange Rules
Permiso researchers uncovered a Unicode obfuscation technique, “Inboxfuscation,” that exploits Microsoft Exchange inbox rules to evade detection and exfiltrate email data. Learn how it works and how security teams can defend against it. The post Permiso Uncovers Unicode Technique to…
How the retail sector teams up to defend against cybercrime
The cyber-threat intel-sharing and collaboration group RH-ISAC is helping companies confront cyberattacks. But the challenge is delivering timely intelligence in a dynamic threat environment. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: How…
Massive L7 DDoS Botnet Exploits 5.76M Hijacked Devices for Record Attacks
In a stark reminder of how vulnerable online services remain, Qrator Labs has revealed that a sprawling Layer 7 distributed denial-of-service (DDoS) botnet has swelled to over 5.76 million compromised devices, unleashing unprecedented traffic against critical infrastructures. Monitored since late…
Hackers Booked Very Little Profit with Widespread npm Supply Chain Attack
A sophisticated npm supply chain attack that surfaced in late August targeted thousands of downstream projects by injecting malicious payloads into popular JavaScript libraries. Initial reports pointed to a new variant of the notorious Typosquatting technique, but further analysis revealed…
Malicious Chrome Extension Attacking Users to Steal Meta Login Credentials
A novel malicious Chrome extension has been uncovered targeting digital marketers by masquerading as a productivity tool for Meta ad campaigns. Dubbed “Madgicx Plus,” this extension is distributed through a network of deceptive websites posing as legitimate AI-driven advertising platforms.…
New Attack Technique That Enables Attackers To Exfiltrate Git Credentials In Argocd
A newly disclosed attack technique enables authenticated users within the popular GitOps tool ArgoCD to exfiltrate powerful Git credentials. The method, discovered by the cybersecurity research group Future Sight, exploits Kubernetes’ internal DNS resolution to intercept credentials in transit, posing…
Boost Operational Resilience: Proactive Security with CORA Best Practices
On almost a monthly basis, the US Cybersecurity & Infrastructure Security Agency (CISA) publishes advisories about the latest cybersecurity risks, attacks and vulnerabilities to help organizations defend and protect themselves… The post Boost Operational Resilience: Proactive Security with CORA Best…
Fake Bureau of Motor Vehicles texts are after your personal and banking details
Many state departments are warning about scam text messages targeting motorists. Here’s how you can recognize them. This article has been indexed from Malwarebytes Read the original article: Fake Bureau of Motor Vehicles texts are after your personal and banking…
When AI chatbots leak and how it happens
Several AI chatbot apps are leaking user data for several reasons, but mostly because security is an afterthought. This article has been indexed from Malwarebytes Read the original article: When AI chatbots leak and how it happens
Wyden Asks FTC to Investigate Microsoft’s ‘Gross Cybersecurity Negligence’
For the second time in two years, Senator Ron Wyden is asking federal regulators to investigate Microsoft’s cybersecurity practices, saying the ongoing weaknesses in the Windows OS is making federal agencies, critical infrastructure, and corporations vulnerable to ransomware and other…
Chinese APT Actor Compromises Military Firm with Novel Fileless Malware Toolset
Bitdefender said the sophisticated multi-stage operation allowed attackers to maintain persistent access and steal sensitive data from a Philippines military company This article has been indexed from www.infosecurity-magazine.com Read the original article: Chinese APT Actor Compromises Military Firm with Novel…
Attackers Abuse Kubernetes DNS to Extract Git Credentials from ArgoCD
A newly discovered attack method targeting ArgoCD and Kubernetes that could give red-teamers fresh ammo and blue-teamers fresh headaches. This technique lets an attacker abuse Kubernetes DNS to steal powerful Git credentials from ArgoCD, potentially taking over entire Git accounts.…
Kenyan Filmmakers Targeted with FlexiSPY Spyware Tracking Messages and Social Media
The revelation that commercially available FlexiSPY spyware was clandestinely installed on devices belonging to Kenyan filmmakers while in police custody has ignited fresh concerns over press freedom and governmental overreach. Forensic analysis conducted by the Citizen Lab at the University…
CoreDNS Vulnerability Allows Attackers to Poison DNS Cache and Block Updates
A critical flaw in CoreDNS’s etcd plugin can let attackers pin DNS records in caches for years, effectively blocking legitimate updates. This vulnerability, tracked as CVE-2025-58063, stems from incorrect handling of etcd lease IDs. It affects every CoreDNS release from…