AI-powered cybersecurity tools can be turned against themselves through prompt injection attacks, allowing adversaries to hijack automated agents and gain unauthorized system access. Security researchers Víctor Mayoral-Vilches & Per Mannermaa Rynning, revealed how modern AI-driven penetration testing frameworks become vulnerable…
Hackers Leverage Hexstrike-AI Tool to Exploit Zero Day Vulnerabilities Within 10 Minutes
Threat actors are rapidly weaponizing Hexstrike-AI, a recently released AI-powered offensive security framework, to scan for and exploit zero-day CVEs in under ten minutes. Originally marketed as an offensive security framework for red teams, Hexstrike-AI’s architecture has already been repurposed…
Stealthy Python Malware Uses Discord to Steal Windows Data
Inf0s3c Stealer, a stealthy Python-based grabber built to harvest system information and user data from Windows hosts. Packed as a 64-bit PE file compressed with UPX and bundled via PyInstaller, the executable imports a suite of Windows API functions to…
Hackers Use Hexstrike-AI to Exploit Zero-Day Flaws in Just 10 Minutes
Within hours of its release, the newly unveiled framework Hexstrike-AI has emerged as a game-changer for cybercriminals, enabling them to scan, exploit and persist inside targets in under ten minutes. Originally touted as a powerful red-team tool, Hexstrike-AI rapidly morphed into an…
Hijacked by RapperBot: Devices Exploited for Instant DDoS Attacks
A newly uncovered variant of the notorious RapperBot malware is covertly commandeering internet-connected devices—particularly outdated network video recorders (NVRs)—and transforming them into a powerful distributed denial-of-service (DDoS) army in mere moments. Security researchers have detailed a sophisticated exploit chain that…
Internet mapping and research outfit Censys reveals state-based abuse, harassment
‘Universities are being used to proxy offensive government operations, turning research access decisions political’ Censys Inc, vendor of the popular Censys internet-mapping tool, has revealed that state-based actors are trying to abuse its services by hiding behind academic researchers.… This…
How gaming experience can help with a cybersecurity career
Many people might not think that playing video games could help build a career in cybersecurity. Yet the skills gained through gaming, even if they don’t seem relevant at first, can be useful in the field. An overlooked pool of…
BruteForceAI: Free AI-powered login brute force tool
BruteForceAI is a penetration testing tool that uses LLMs to improve the way brute-force attacks are carried out. Instead of relying on manual setup, the tool can analyze HTML content, detect login form selectors, and prepare the attack process automatically.…
CISA Adds TP-Link and WhatsApp Flaws to KEV Catalog Amid Active Exploitation
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a high-severity security flaw impacting TP-Link TL-WA855RE Wi-Fi Ranger Extender products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, CVE-2020-24363 (CVSS score: 8.8),…
Jaguar Land Rover Confirms Cyberattack Disrupting Global IT Systems
Jaguar Land Rover (JLR), the UK’s leading luxury automotive manufacturer, has disclosed that it is the victim of a significant cyberattack affecting its global information technology infrastructure. In a statement released early Wednesday, JLR confirmed that an unauthorized intrusion forced…
10 Ways to Optimize Data Center Operations
Running a data center efficiently is no small feat. From managing energy costs to preventing downtime, there’s a lot that can go wrong—and a lot that can be optimized. Discover 10 actionable strategies to enhance your data center operations, including…
TinyLoader Malware Spreads via Network Shares and Malicious Shortcut Files on Windows
A sophisticated malware operation that combines multiple attack vectors to steal cryptocurrency and deliver additional malicious payloads to Windows systems. A recently discovered TinyLoader malware campaign is actively targeting Windows users through a multi-pronged attack strategy involving network share exploitation,…
Cloudflare Confirms Data Breach – Customer Data Exposed via Salesforce Attack
Cloudflare has disclosed a significant data breach affecting customer information following a sophisticated supply chain attack targeting its Salesforce integration with Salesloft Drift. The incident, which occurred between August 12-17, 2025, resulted in the exposure of customer support case data…
Detecting danger: EASM in the modern security stack
In today’s complex threat environment, the challenge for security professionals isn’t just defeating threats – it’s finding your vulnerabilities in the first place. That’s where External Attack Surface Management (EASM) tools come in. EASM can identify the many weaknesses that…
Five habits of highly secure development teams
In this Help Net Security video, Brendon Collins, Principal Consultant at Optiv, explores how organizations can embed security and privacy into the software development lifecycle (SDLC) from the very start. He outlines five proactive principles, including default-deny architecture, privacy in…
Salesloft Takes Drift Offline After OAuth Token Theft Hits Hundreds of Organizations
Salesloft on Tuesday announced that it’s taking Drift temporarily offline “in the very near future,” as multiple companies have been ensnared in a far-reaching supply chain attack spree targeting the marketing software-as-a-service product, resulting in the mass theft of authentication…
Beware of SIM swapping attacks, your phone is at risk
In today’s digital world, most of our digital life is connected to our phone numbers, so keeping them safe becomes a necessity. Sad news: hackers don’t need your phone to access your number. What is SIM swapping? Also known as…
AI will drive purchases this year, but not without questions
AI is moving into security operations, but CISOs are approaching it with a mix of optimism and realism. A new report from Arctic Wolf shows that most organizations are exploring or adopting AI-driven tools, yet many still see risks that…
Cloudflare Confirms Data Breach, Hackers Stole Customer Data from Salesforce Instances
Cloudflare has confirmed a data breach where a sophisticated threat actor accessed and stole customer data from the company’s Salesforce instance. The breach was part of a wider supply chain attack that exploited a vulnerability in the Salesloft Drift chatbot…
12 Questions to Ask a Zero Trust Solution Provider
Implementing Zero Trust is no longer optional. It’s a strategic imperative. But with a flood of solutions and vendors all claiming to be the answer, navigating your options can be overwhelming. Whether you’re just starting your evaluation or finalizing a…
ISC Stormcast For Wednesday, September 3rd, 2025 https://isc.sans.edu/podcastdetail/9596, (Wed, Sep 3rd)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Wednesday, September 3rd, 2025…
In under 18 months, my iPhone’s battery life has gone from great to terrible
My daily driver iPhone 15 Pro Max can’t last a day anymore. What happened? This article has been indexed from Latest news Read the original article: In under 18 months, my iPhone’s battery life has gone from great to terrible
Beyond Chatbots: Why Morpheus Leaves SOAR with Bolted-On AI in the Dust
Bolting a chatbot onto a legacy SOAR tool doesn’t make it intelligent. Here’s what real autonomous security operations look like — and why they matter. The post Beyond Chatbots: Why Morpheus Leaves SOAR with Bolted-On AI in the Dust appeared…
Grade School Crypto Videos
This is a short, gentle two-part introduction to basic cryptographic concepts using text-based crypto examples. The videos illustrate encryption, decryption, ciphers, keys, algorithms, code cracking, cryptanalysis, and letter frequency analysis. Full disclosure: I produced these videos over a decade ago.…