OpenAI’s video-generating app, Sora, has raised significant questions regarding the safety and privacy of user’s biometric data, particularly with its “Cameo” feature that creates realistic AI videos, or “deepfakes,” using a person’s face and voice. To power this functionality,…
Apple offers $2 million for zero-click exploit chains
Apple bug bounty program’s categories are expanding and rewards are rising, and zero-click exploit chains may now earn researchers up to $2 million. “Our bonus system, providing additional rewards for Lockdown Mode bypasses and vulnerabilities discovered in beta software, can…
comforte AG debuts TAMUNIO, its all-in-one shield for data security
comforte AG launched TAMUNIO, a unified data security platform designed to reduce risk, accelerate innovation with cloud and AI, and optimize operational costs for the most demanding enterprises. Built on decades of experience securing mission-critical environments, TAMUNIO integrates the best…
Proof launches Certify, the cryptographic answer to AI-generated fraud
Generative AI is enabling the proliferation of fake documents, images, videos, and data at an unprecedented scale, to the point where it’s indistinguishable from reality. While fake media and misinformation have garnered the most attention, the real danger in AI…
How Chief Technology Officers Can Stay Ahead of Complex Threat Actor Tactics
Cyberattacks are becoming increasingly complex because organizations are more interconnected than ever before while threat actors are better resourced and digital environments are harder to defend. The ability to prevent… The post How Chief Technology Officers Can Stay Ahead of…
Chaosbot Using CiscoVPN and Active Directory Passwords for Network Commands
Adversaries have once again demonstrated that operational hours are irrelevant when mounting sophisticated cyberattacks. eSentire’s TRU team first observed suspicious activity within a financial services customer’s environment when legitimate CiscoVPN logins coincided with anomalous WMI calls to multiple endpoints. Investigation…
Cisco, Fortinet, Palo Alto Networks Devices Targeted in Coordinated Campaign
GreyNoise has discovered that attacks exploiting Cisco, Fortinet, and Palo Alto Networks vulnerabilities are launched from the same infrastructure. The post Cisco, Fortinet, Palo Alto Networks Devices Targeted in Coordinated Campaign appeared first on SecurityWeek. This article has been indexed…
SonicWall SSL VPN Devices Targeted by Threat Actors to Distribute Akira Ransomware
A significant uptick in Akira ransomware attacks has been observed exploiting unpatched SonicWall SSL VPN devices between July and August 2025. Despite a patch release the same day, many organizations remained vulnerable, allowing threat actors to gain initial access and…
Securing HTTPS From the Inside Out: Preventing Client-Side Interception Attacks
Overview HTTPS is the most common mechanism used to protect client-server communication on the internet. Most teams focus on SSL/TLS and server-side hardening — and for good reason — but security is layered: the system is only as strong as…
RondoDox Botnet Takes ‘Exploit Shotgun’ Approach
The botnet packs over 50 exploits targeting unpatched routers, DVRs, NVRs, CCTV systems, servers, and other network devices. The post RondoDox Botnet Takes ‘Exploit Shotgun’ Approach appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
From Detection to Patch: Fortra Reveals Full Timeline of CVE-2025-10035 Exploitation
Fortra on Thursday revealed the results of its investigation into CVE-2025-10035, a critical security flaw in GoAnywhere Managed File Transfer (MFT) that’s assessed to have come under active exploitation since at least September 11, 2025. The company said it began…
North Korean Hackers Steal Crypto
This year, North Korean cybercriminals stole a record-breaking $2 billion in cryptocurrency assets, marking the highest annual total on record. The post North Korean Hackers Steal Crypto first appeared on CyberMaterial. This article has been indexed from CyberMaterial Read the…
Crimson Collective Hits AWS Instances
A threat group known as Crimson Collective has been actively targeting Amazon Web Services (AWS) cloud environments to steal data and extort companies. The post Crimson Collective Hits AWS Instances first appeared on CyberMaterial. This article has been indexed from…
GitHub Copilot Chat Flaw Leaks Repo Data
A security vulnerability was recently discovered in GitHub Copilot Chat, an AI assistant designed to help developers with coding tasks. The post GitHub Copilot Chat Flaw Leaks Repo Data first appeared on CyberMaterial. This article has been indexed from CyberMaterial…
DragonForce LockBit Qilin Dominate Ransomware
Google has announced a new AI Vulnerability Reward Program (VRP) that expands on its previous program from 2023. This new initiative provides The post DragonForce LockBit Qilin Dominate Ransomware first appeared on CyberMaterial. This article has been indexed from CyberMaterial…
Google Launches New AI Bug Bounty
Google has announced a new AI Vulnerability Reward Program (VRP) that expands on its previous program from 2023. This new initiative provides The post Google Launches New AI Bug Bounty first appeared on CyberMaterial. This article has been indexed from…
175 Malicious npm Packages Targeting Tech and Energy Firms, 26,000 Downloads
Socket’s Threat Research Team has uncovered a sprawling phishing campaign—dubbed “Beamglea”—leveraging 175 malicious npm packages that have amassed over 26,000 downloads. These packages serve solely as hosting infrastructure, redirecting victims to credential-harvesting pages. Though randomly named packages make accidental developer…
Critical GitHub Copilot Vulnerability Let Attackers Exfiltrate Source Code From Private Repos
A critical vulnerability in GitHub Copilot Chat, rated 9.6 on the CVSS scale, could have allowed attackers to exfiltrate source code and secrets from private repositories silently. The exploit combined a novel prompt injection technique with a clever bypass of…
Millions of (very) private chats exposed by two AI companion apps
Two AI “girlfriend” apps have blabbed millions of intimate conversations from more than 400,000 users. This article has been indexed from Malwarebytes Read the original article: Millions of (very) private chats exposed by two AI companion apps
Autonomous AI Hacking and the Future of Cybersecurity
AI agents are now hacking computers. They’re getting better at all phases of cyberattacks, faster than most of us expected. They can chain together different aspects of a cyber operation, and hack autonomously, at computer speeds and scale. This is…
Multimodal AI, A Whole New Social Engineering Playground for Hackers
Multimodal AI delivers context-rich automation but also multiplies cyber risk. Hidden prompts, poisoned pixels, and cross-modal exploits can corrupt entire pipelines. Discover how attackers manipulate multimodal inputs—and the governance, testing, and incident response strategies CISOs need to stay ahead. The…
175 Malicious npm Packages with 26,000 Downloads Used in Credential Phishing Campaign
Cybersecurity researchers have flagged a new set of 175 malicious packages on the npm registry that have been used to facilitate credential harvesting attacks as part of an unusual campaign. The packages have been collectively downloaded 26,000 times, acting as…
The AI SOC Stack of 2026: What Sets Top-Tier Platforms Apart?
The SOC of 2026 will no longer be a human-only battlefield. As organizations scale and threats evolve in sophistication and velocity, a new generation of AI-powered agents is reshaping how Security Operations Centers (SOCs) detect, respond, and adapt. But not…
Google Launches AI Bug Bounty with $30,000 Top Reward
Google has introduced a new AI Vulnerability Reward Program offering up to $30,000 for bug discoveries in its AI products This article has been indexed from www.infosecurity-magazine.com Read the original article: Google Launches AI Bug Bounty with $30,000 Top Reward