Socket’s Threat Research Team has uncovered a sprawling phishing campaign—dubbed “Beamglea”—leveraging 175 malicious npm packages that have amassed over 26,000 downloads. These packages serve solely as hosting infrastructure, redirecting victims to credential-harvesting pages. Though randomly named packages make accidental developer…
Critical GitHub Copilot Vulnerability Let Attackers Exfiltrate Source Code From Private Repos
A critical vulnerability in GitHub Copilot Chat, rated 9.6 on the CVSS scale, could have allowed attackers to exfiltrate source code and secrets from private repositories silently. The exploit combined a novel prompt injection technique with a clever bypass of…
Millions of (very) private chats exposed by two AI companion apps
Two AI “girlfriend” apps have blabbed millions of intimate conversations from more than 400,000 users. This article has been indexed from Malwarebytes Read the original article: Millions of (very) private chats exposed by two AI companion apps
Autonomous AI Hacking and the Future of Cybersecurity
AI agents are now hacking computers. They’re getting better at all phases of cyberattacks, faster than most of us expected. They can chain together different aspects of a cyber operation, and hack autonomously, at computer speeds and scale. This is…
Multimodal AI, A Whole New Social Engineering Playground for Hackers
Multimodal AI delivers context-rich automation but also multiplies cyber risk. Hidden prompts, poisoned pixels, and cross-modal exploits can corrupt entire pipelines. Discover how attackers manipulate multimodal inputs—and the governance, testing, and incident response strategies CISOs need to stay ahead. The…
175 Malicious npm Packages with 26,000 Downloads Used in Credential Phishing Campaign
Cybersecurity researchers have flagged a new set of 175 malicious packages on the npm registry that have been used to facilitate credential harvesting attacks as part of an unusual campaign. The packages have been collectively downloaded 26,000 times, acting as…
The AI SOC Stack of 2026: What Sets Top-Tier Platforms Apart?
The SOC of 2026 will no longer be a human-only battlefield. As organizations scale and threats evolve in sophistication and velocity, a new generation of AI-powered agents is reshaping how Security Operations Centers (SOCs) detect, respond, and adapt. But not…
Google Launches AI Bug Bounty with $30,000 Top Reward
Google has introduced a new AI Vulnerability Reward Program offering up to $30,000 for bug discoveries in its AI products This article has been indexed from www.infosecurity-magazine.com Read the original article: Google Launches AI Bug Bounty with $30,000 Top Reward
IT Security News Hourly Summary 2025-10-10 12h : 14 posts
14 posts were published in the last hour 10:2 : Ferrari Shows Tech Behind Upcoming Electric Supercar 10:2 : GitHub Copilot Flaw Allows Attackers to Steal Source Code from Private Repositories 10:2 : UK techies’ union warns members after breach…
AI Tools Make Phishing Attacks Harder to Detect, Survey Warns
Despite the ever-evolving landscape of cyber threats, the phishing method remains the leading avenue for data breaches in the years to come. However, in 2025, the phishing method has undergone a dangerous transformation. What used to be a crude…
LLM-Powered MalTerminal Malware Uses OpenAI GPT-4 to Create Ransomware Code
LLM-enabled malware poses new challenges for detection and threat hunting as malicious logic can be generated at runtime rather than embedded in code. Our research discovered hitherto unknown samples, and what may be the earliest example known to date of…
Cops nuke BreachForums (again) amid cybercrime supergroup extortion blitz
US and French fuzz pull the plug on Scattered Lapsus$ Hunters’ latest leak shop targeting Salesforce US authorities have seized the latest incarnation of BreachForums, the cybercriminal bazaar recently reborn under the stewardship of the so-called Scattered Lapsus$ Hunters, with…
Juniper Networks Patches Critical Junos Space Vulnerabilities
Patches were rolled out for more than 200 vulnerabilities in Junos Space and Junos Space Security Director, including nine critical-severity flaws. The post Juniper Networks Patches Critical Junos Space Vulnerabilities appeared first on SecurityWeek. This article has been indexed from…
Red Pilling of Politics – Court Strikes Down California Law on Political Deepfakes
California’s AB 2655 aimed to fight AI-generated political deepfakes, but a federal court struck it down under Section 230, highlighting the clash between free speech and AI regulation. The post Red Pilling of Politics – Court Strikes Down California Law…
Attackers are exploiting Gladinet CentreStack, Triofox vulnerability with no patch (CVE-2025-11371)
CVE-2025-11371, a unauthenticated Local File Inclusion vulnerability in Gladinet CentreStack and Triofox file-sharing and remote access platforms, is being exploited by attackers in the wild. While Gladinet is aware of the vulnerability and of its active exploitation, a patch is…
Google: Clop Accessed “Significant Amount” of Data in Oracle EBS Exploit
GTIG highlighted indicators that Clop is behind the extortion campaign targeting Oracle EBS instances, with its activity likely beginning as early as August 9 This article has been indexed from www.infosecurity-magazine.com Read the original article: Google: Clop Accessed “Significant Amount”…
Ferrari Shows Tech Behind Upcoming Electric Supercar
Ferrari unveils powertrain and chassis of first fully electric car, set for launch next year, featuring unique engine noise This article has been indexed from Silicon UK Read the original article: Ferrari Shows Tech Behind Upcoming Electric Supercar
GitHub Copilot Flaw Allows Attackers to Steal Source Code from Private Repositories
A critical weakness in GitHub Copilot Chat discovered in June 2025 exposed private source code and secrets to attackers. Rated CVSS 9.6, the vulnerability combined a novel Content Security Policy bypass with remote prompt injection. By embedding hidden prompts in…
UK techies’ union warns members after breach exposes sensitive personal details
Prospect apologizes for cyber gaffe affecting up to 160K members UK trade union Prospect is notifying members of a breach that involved data such as sexual orientation and disabilities.… This article has been indexed from The Register – Security Read…
ZDI Drops 13 Unpatched Ivanti Endpoint Manager Vulnerabilities
The unpatched vulnerabilities allow attackers to execute arbitrary code remotely and escalate their privileges. The post ZDI Drops 13 Unpatched Ivanti Endpoint Manager Vulnerabilities appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: ZDI…
From LFI to RCE: Active Exploitation Detected in Gladinet and TrioFox Vulnerability
Cybersecurity company Huntress said it has observed active in-the-wild exploitation of an unpatched security flaw impacting Gladinet CentreStack and TrioFox products. The zero-day vulnerability, tracked as CVE-2025-11371 (CVSS score: 6.1), is an unauthenticated local file inclusion bug that allows unintended…
Rishi Sunak Joins Anthropic, Microsoft As Paid Advisor
Former prime minister to work with Microsoft, AI start-up Anthropic as paid adviser while continuing to serve as Commons MP This article has been indexed from Silicon UK Read the original article: Rishi Sunak Joins Anthropic, Microsoft As Paid Advisor
Apple Announces $2 Million Bug Bounty Reward for the Most Dangerous Exploits
With the mercenary spyware industry booming, Apple VP Ivan Krstić tells WIRED that the company is also offering bonuses that could bring the max total reward for iPhone exploits to $5 million. This article has been indexed from Security Latest…
U.S. CISA adds Grafana flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Grafana flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Grafana flaw, tracked as CVE-2021-43798 (CVSS score 7.5), to its Known Exploited Vulnerabilities (KEV) catalog. Grafana is an…