Hackers are abusing a fake macOS wallpaper app and a hijacked YouTube channel to quietly deliver notnullOSX, a new crypto-focused stealer that targets Macs via ClickFix commands and weaponized DMG installers. The campaign is highly selective, going after victims with crypto…
Tag: EN
Xinference PyPI Breach Exposes Developers to Cloud Credential Theft
A severe supply chain attack has compromised the popular Python package Xinference, exposing developers to massive data theft. Threat actors uploaded malicious versions of the tool to the Python Package Index (PyPI), embedding a heavily obfuscated infostealer into the code.…
Pass the key, passwords have passed their sell-by date
NCSC passes judgment: passkeys pass muster, passwords fail The UK’s National Cyber Security Centre (NCSC) has officially endorsed passkeys as the default authentication standard, marking the first time the agency has told consumers to move away from passwords entirely.… This…
Microsoft Graph API misused by new GoGra Linux malware for hidden communication
A new GoGra Linux malware uses Microsoft Graph API and an Outlook inbox to deliver payloads, making it stealthy and hard to detect. A new Linux version of the GoGra backdoor uses Microsoft’s Graph API and an Outlook inbox to…
Roblox clamps down on chats and age checks as legal pressure builds
Roblox is paying millions to settle child safety claims while rolling out strict age checks and chat limits that could reshape how kids use the platform. This article has been indexed from Malwarebytes Read the original article: Roblox clamps down…
Recent Microsoft Defender Vulnerability Exploited as Zero-Day
The flaw allows attackers to access the SAM database, extract NTLM hashes, and gain System privileges. The post Recent Microsoft Defender Vulnerability Exploited as Zero-Day appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article:…
Fake Document, Real Access: Foxit Impersonation Enables Stealth VNC Control
Attackers who impersonate trusted vendors do not only damage the reputation of the original vendor, but also cause heaps of trouble down the line. This article has been indexed from Security Blog G Data Software AG Read the original article:…
New OpenAI cyber product, unauthorized Mythos access, insurers to cap LLMjacking payouts
OpenAI shares cyber product with government orgs Unauthorized Mythos access, Firebox bugs fixed by Mythos Insurers move to cap LLMjacking cyber payouts Get the show notes here: https://cisoseries.com/cybersecurity-news-new-openai-cyber-product-unauthorized-mythos-access-insurers-to-cap-llmjacking-payouts/ Huge thanks to our sponsor, ThreatLocker ThreatLocker is extending Zero Trust beyond…
Sony Robot Challenges Humans At Table Tennis
Robot built by Sony AI shows how machines can adapt to constantly changing factors to execute high-speed, precise actions This article has been indexed from Silicon UK Read the original article: Sony Robot Challenges Humans At Table Tennis
Checkmarx KICS Docker Repo Hijacked in Malicious Code Injection Attack
A massive software supply chain attack has targeted the official Checkmarx KICS (Keeping Infrastructure as Code Secure) Docker Hub repository. Discovered on April 22, 2026, by Docker and Socket, the compromise involves trojanized Docker images and malicious VS Code extensions…
Fake TradingView AI Site Spreads Needle Stealer Through Phony TradingClaw App
A fake TradingView AI agent website is delivering Needle Stealer malware through a bogus “TradingClaw” assistant that can hijack victims’ browsers, drain financial accounts, and enable follow‑on attacks. The campaign targets traders seeking automated strategies on TradingView, capitalizing on the…
Apple Fixes Notification Privacy Flaw That Allowed FBI to Access Deleted Signal Messages
Apple released iOS 26.4.2 and iPadOS 26.4.2 on April 22, 2026, to patch a critical notification privacy vulnerability that allowed law enforcement to extract Signal message content from iPhones — even after the app had been deleted. The flaw, tracked…
15 Identity Providers Your B2B SaaS Must Support to Close Enterprise Deals
Struggling to close enterprise deals? Discover the 15 essential Identity Providers (IdPs) your B2B SaaS must support to meet strict security requirements. The post 15 Identity Providers Your B2B SaaS Must Support to Close Enterprise Deals appeared first on Security…
Strategic autonomy: Where you get to choose
Cybersecurity has a control problem. Most providers force you into a corner, where you must either accept their ‘black box’ ecosystems… or go without elite protection. It’s a choice between being safe and staying in control. And it’s a choice…
Tropic Trooper Uses Custom Beacon and VS Code Tunnels for Stealthy Remote Access
A new Tropic Trooper campaign that combines a trojanized PDF reader, a custom AdaptixC2 Beacon listener, and Visual Studio (VS) Code tunnels to gain and maintain remote access to targeted systems. The operation appears to focus on Chinese-speaking individuals in…
Apple Patches Privacy Issue Exposing Signal Message Data Through Notifications
Apple recently rolled out iOS 26.4.2 and iPadOS 26.4.2 to patch a critical privacy vulnerability affecting millions of users. Released on April 22, 2026, this vital security update addresses a flaw that could accidentally expose sensitive message data from secure…
Claude Mythos Exposes 271 Zero-Day Security Flaws in Firefox
Mozilla has released Firefox 150, addressing a staggering 271 zero-day vulnerabilities. The security team identified these latent flaws using Anthropic’s early-stage Claude Mythos Preview AI model. This massive cleanup represents a major shift in how tech companies detect and defend…
DARWIS Taka: A Web Vulnerability Scanner with AI-Powered Validation
DARWIS Taka, a new web vulnerability scanner, is now available for free and runs via Docker. It pairs a rules-based scanning engine with an optional AI layer that reviews each finding before it reaches the report, aimed squarely at the…
Scenario: Open-source framework for automated AI app red-teaming
Enterprises running customer service bots, data analytics agents, and other AI-driven applications in production handle sensitive records and connect to core business systems every day. LangWatch has released Scenario, an open-source framework that runs automated red-team exercises against AI agents…
A year in, Zoom’s CISO reflects on balancing security and business
In this Help Net Security interview, Sandra McLeod, CISO at Zoom, reflects on her first year in the role. She talks about moving from reactive firefighting to business strategy, and what she heard from engineers, the board, and customers during…