A sophisticated Linux malware framework developed almost entirely through artificial intelligence, marking the beginning of a new era in AI-powered threats. Unlike previous AI-generated malware linked to inexperienced threat actors, VoidLink represents the first documented case of high-complexity, production-grade malware…
Hackers Weaponize 2,500+ Security Tools to Disable Endpoint Defenses Before Ransomware Attacks
A sophisticated campaign has weaponized over 2,500 variants of a legitimate security driver to disable endpoint protection before deploying ransomware and remote access trojans. Attackers are abusing truesight.sys, a kernel-mode driver from Adlice Software’s RogueKiller antivirus suite. The legacy version…
NVIDIA Nsight Graphics on Linux Exposed to Code Execution Vulnerability
NVIDIA has released an urgent security update addressing a critical vulnerability in Nsight Graphics for Linux systems. The vulnerability, tracked as CVE-2025-33206, allows attackers to execute arbitrary code through command injection, posing significant risks to development and graphics analysis workflows.…
GitLab Security Flaws Could Allow Two-Factor Authentication Bypass and DoS
GitLab has released critical security patches addressing multiple vulnerabilities affecting both Community Edition (CE) and Enterprise Edition (EE). Versions 18.8.2, 18.7.2, and 18.6.4 are now available to fix flaws that enable two-factor authentication bypass and denial-of-service attacks. GitLab strongly recommends…
Azure DNS Behavior Can Turn Private Endpoints Into DoS Risks
A DNS flaw in Azure Private Link can trigger DoS-like outages across linked VNETs. The post Azure DNS Behavior Can Turn Private Endpoints Into DoS Risks appeared first on eSecurity Planet.
Ireland wants to give its cops spyware, ability to crack encrypted messages
Its very own Snooper’s Charter comes a month after proposed biometric tech expansion. The Irish government is planning to bolster its police’s ability to intercept communications, including encrypted messages, and provide a legal basis for spyware use.…
North Korean Hackers Target macOS Developers via Malicious VS Code Projects
The hackers trick victims into accessing GitHub or GitLab repositories that are opened using Visual Studio Code. The post North Korean Hackers Target macOS Developers via Malicious VS Code Projects appeared first on SecurityWeek.
Privacy Takes Center Stage in WhatsApp’s Latest Feature Update
WhatsApp has billions of users worldwide, making it a crucial communication platform for both personal and professional exchanges. But its widespread use has also made it an increasingly attractive target for cybercriminals…
AI Expert Warns World Is Running Out of Time to Tackle High-Risk AI Revolution
AI safety specialist David Dalrymple has warned in no uncertain terms that humanity may be running out of time to get ready for the dangers of fast-moving artificial intelligence. Speaking to The Guardian, the director of programme at the UK…
Rust package registry adds security tools and metrics to crates.io
The Rust project updated crates.io to include a Security tab on individual crate pages. The tab shows security advisories drawn from the RustSec database and lists which versions of a crate may have known issues. This change gives developers a…
Beware of Weaponized Shipping Documents that Deliver Remcos RAT with a Wide Range of Capabilities
Threat actors are leveraging a dangerous new campaign that weaponizes ordinary-looking shipping documents to distribute Remcos, a powerful remote access trojan. This phishing scheme uses fake shipping emails as the entry point, tricking users into opening malicious Word documents disguised…
Multiple 0-day Vulnerabilities in Anthropic Git MCP Server Enable Code Execution
Three zero-day vulnerabilities affect mcp-server-git, the reference implementation of Git integration for the Model Context Protocol (MCP). The flaws stem from insufficient input validation and argument sanitization in core Git operations. Through prompt injection, attackers can execute code, delete files,…
Malicious Google Calendar invites could expose private data
Researchers showed how prompt injection hidden in a calendar invite can bypass privacy controls and turn an AI assistant into a data-leaking accomplice. This article has been indexed from Malwarebytes.
OpenAI adds age prediction to ChatGPT to strengthen teen safety
OpenAI is rolling out age prediction on ChatGPT consumer plans to help determine whether an account likely belongs to someone under 18. Age prediction builds on protections already in place. ChatGPT relies on an age prediction model that evaluates behavioral…
VoidLink Linux Malware Was Built Using an AI Agent, Researchers Reveal
Sophisticated malware previously thought to be the work of a well-resourced cyber-crime group was built by one person, with the aid of AI tools. This article has been indexed from www.infosecurity-magazine.com.
Best of British: UK’s infosec envoys include Cisco, Palo Alto, and Accenture
Minister unwraps ambassadors of the Software Security Code of Practice. Britain’s digital economy minister has sent forth a raft of companies as “ambassadors” to help organizations across the land embrace the UK’s Software Security Code of Practice.…
Internet Voting is Too Insecure for Use in Elections
No matter how many times we say it, the idea comes back again and again. Hopefully, this letter will hold back the tide for at least a while longer. Executive summary: Scientists have understood for many years that internet voting…
MITRE Launches New Security Framework for Embedded Systems
The Embedded Systems Threat Matrix (ESTM) aims to help organizations protect critical embedded systems. The post MITRE Launches New Security Framework for Embedded Systems appeared first on SecurityWeek.
Why Identity Security Must Move Beyond MFA
By integrating identity threat detection with MFA, organizations can protect sensitive data, maintain operational continuity, and reduce risk exposure. The post Why Identity Security Must Move Beyond MFA appeared first on SecurityWeek.
RansomHub claims alleged breach of Apple partner Luxshare
Chinese electronic manufacturer and Apple partner Luxshare Precision Industry has allegedly been breached by affiliates of the RansomHub ransomware-as-a-service outfit. Luxshare is one of the primary assemblers of Apple’s wireless earbuds, iPhones, and Vision Pro devices, as well as a…