North Korea-linked actors behind Contagious Interview uploaded 197 new malicious npm packages to distribute a new OtterCookie malware version. North Korea-linked threat actors added 197 new malicious npm packages to spread updated OtterCookie malware as part of the ongoing Contagious…
Tag: EN
Intel in LNK Files
I was reading a pretty interesting write-up from Seqrite regarding, in part, the use of pseudo-polyglot documents. In this case, delivery occurred via ZIP archive that contains an LNK file and a PNG file. The PNG file is pseudo-polyglot file…
Growing Concern as Authorities Assess Cyber Incident at Real Estate Finance Firm
An extreme cyber intrusion which led to considerable concern among U.S. financial institutions over the weekend has been hailed by leading American banks and mortgage lenders as a major development that must be addressed urgently in order to reduce…
Big Tech’s New Rule: AI Age Checks Are Rolling Out Everywhere
Large online platforms are rapidly shifting to biometric age assurance systems, creating a scenario where users may lose access to their accounts or risk exposing sensitive personal information if automated systems make mistakes. Online platforms have struggled for decades…
Albiriox Malware Emerges, Targeting Android Users for Full Device Takeover
A dangerous new Android malware called Albiriox has been discovered by security researchers, posing a serious threat to mobile banking and cryptocurrency users worldwide. The malware operates as a Malware-as-a-Service (MaaS), allowing cybercriminals to rent access to this powerful hacking tool for…
Mystery OAST Tool Exploits 200 CVEs Using Google Cloud for Large-Scale Attacks
A sophisticated threat actor has been operating a private Out-of-band Application Security Testing (OAST) service hosted on Google Cloud infrastructure to conduct a large-scale exploit campaign targeting more than 200 CVEs, according to new research from VulnCheck. Private OAST Domain…
Tomiris Hacker Group Unveils New Tools and Techniques for Global Attacks
A new wave of cyberattacks has been discovered targeting government officials and diplomats across Russia and Central Asia. The group, which has been active for several years, is known for focusing on high-value political targets. This latest investigation shows they…
This month in security with Tony Anscombe – November 2025 edition
Data exposure by top AI companies, the Akira ransomware haul, Operation Endgame against major malware families, and more of this month’s cybersecurity news This article has been indexed from WeLiveSecurity Read the original article: This month in security with Tony…
HashJack Attack Uses URL ‘#’ to Control AI Browser Behavior
Cybersecurity firm Cato Networks reveals HashJack, a new AI browser vulnerability using the ‘#’ symbol to hide malicious commands. Microsoft and Perplexity fixed the flaw, but Google’s Gemini remains at risk. This article has been indexed from Hackread – Cybersecurity…
Google’s High-Stakes AI Strategy: Chips, Investment, and Concerns of a Tech Bubble
At Google’s headquarters, engineers work on Google’s Tensor Processing Unit, or TPU—custom silicon built specifically for AI workloads. The device appears ordinary, but its role is anything but. Google expects these chips to eventually power nearly every AI action…
Australia Bans Under-16s from Social Media Starting December
Australia is introducing a world-first ban blocking under-16s from most major social media platforms, and Meta has begun shutting down or freezing teen accounts in advance of the law taking effect. From 10 December, Australians under 16 will be…
CISA Warns of OpenPLC ScadaBR cross-site scripting vulnerability Exploited in Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has officially updated its Known Exploited Vulnerabilities (KEV) catalog to include a critical flaw in OpenPLC ScadaBR, confirming that threat actors are actively weaponizing it in the wild. The security defect, identified as…
The WIRED Guide to Digital Opsec for Teens
Practicing good “operations security” is essential to staying safe online. Here’s a complete guide for teenagers (and anyone else) who wants to button up their digital lives. This article has been indexed from Security Latest Read the original article: The…
Virtual Machines on Nutanix AHV now in Akira’s Crosshairs; Enterprises must Close Gaps
Security agencies have issued a new warning about the Akira ransomware group after investigators confirmed that the operators have added Nutanix AHV virtual machines to their list of targets. This represents a significant expansion of the group’s capabilities, which…
Beware of Weaponized Google Meet Page uses ClickFix Technique to Deliver Malicious Payload
A new, highly sophisticated malware campaign has been identified targeting remote workers and organizations through a fake Google Meet landing page. Hosted on the deceptive domain gogl-meet[.]com, this attack leverages the “ClickFix” social engineering technique to bypass traditional browser security…
New Albiriox Malware Attacking Android Users to Take Complete Control of their Device
A sophisticated new Android malware family dubbed “Albiriox” has emerged on the cybercrime landscape, offering advanced remote access capabilities as a Malware-as-a-Service (MaaS). Identified by researchers at Cleafy, the malware is designed to execute On-Device Fraud (ODF) by granting attackers…
Beware of Weaponized Google Meet page that uses ClickFix to Deliver Malicious Payload
A new, highly sophisticated malware campaign has been identified targeting remote workers and organizations through a fake Google Meet landing page. Hosted on the deceptive domain gogl-meet[.]com, this attack leverages the “ClickFix” social engineering technique to bypass traditional browser security…
Attackers stole member data from French Soccer Federation
The French Soccer Federation (FFF) disclosed a data breach after hackers used a compromised account to steal member data. A compromised account allowed attackers to breach the French Soccer Federation (FFF), stealing data belonging to its members. The organization confirmed…
Friday Squid Blogging: Flying Neon Squid Found on Israeli Beach
A meter-long flying neon squid (Ommastrephes bartramii) was found dead on an Israeli beach. The species is rare in the Mediterranean. This article has been indexed from Schneier on Security Read the original article: Friday Squid Blogging: Flying Neon Squid…
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2021-26829 OpenPLC ScadaBR Cross-site Scripting Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses…