Security researchers from cloud cybersecurity firm Wiz disclosed a critical vulnerability in Moltbook, a newly launched social network designed for AI agents, that allowed them to breach the platform’s backend and access private information in under three minutes. Moltbook is…
Tag: EN
Empowering the RAF Association with Next-Generation Cyber Resilience
The RAF Association (RAFA) boosts digital resilience and scales operations by partnering with Palo Alto Networks for zero trust and AI-driven security. The post Empowering the RAF Association with Next-Generation Cyber Resilience appeared first on Palo Alto Networks Blog. This…
NDSS 2025 – BinEnhance
Session 11B: Binary Analysis Authors, Creators & Presenters: Yongpan Wang (Institute of Information Engineering Chinese Academy of Sciences & University of Chinese Academy of Sciences, China), Hong Li (Institute of Information Engineering Chinese Academy of Sciences & University of Chinese…
U.S. CISA adds SolarWinds Web Help Desk, Sangoma FreePBX, and GitLab flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SolarWinds Web Help Desk, Sangoma FreePBX, and GitLab flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SolarWinds Web Help Desk, Sangoma FreePBX, and GitLab flaws to its…
PDFly Variant Uses Custom PyInstaller Tweaks to Obfuscate Payload, Thwarting Analysis
A new malware variant dubbed “PDFly” is abusing a heavily modified PyInstaller stub to hide its Python bytecode, forcing analysts to reverse-engineer a custom decryption routine before any meaningful analysis can begin. A closely related sample, “PDFClick,” shows almost identical…
Fake Compliance Emails Weaponize Word and PDF Attachments to Steal Sensitive Data
A newly observed phishing campaign is abusing fake “audit/compliance confirmation” emails to target macOS users and steal highly sensitive data. The campaign uses convincing business-themed lures and malicious attachments that masquerade as Word or PDF files to trick employees into…
Fake Dropbox Phishing Campaign Targets Users, Steals Login Credentials
A sophisticated phishing campaign that uses a multi-stage approach to bypass email filtering and content-scanning systems. The attack exploits trusted platforms, benign file formats, and layered redirection techniques to harvest user credentials from unsuspecting victims successfully. The attack chain begins…
Infostealer Attacks Hit macOS, Abusing Python and Trusted Platforms
A sharp rise in campaigns targeting macOS users, while attackers also ramp up Python‑based stealers and abuse trusted platforms like WhatsApp and popular PDF utilities. These attacks focus on harvesting credentials, browser data, cloud keys, and cryptocurrency wallets, then quietly…
GlassWorm Infiltrates VSX Extensions With 22,000+ Downloads to Target Developers
A new GlassWorm-linked supply chain attack abusing the Open VSX Registry, this time via a suspected compromise of a legitimate publisher’s credentials rather than typosquatted packages. The Open VSX security team assessed the activity as consistent with leaked tokens or…
Infostealer Campaigns Expand to macOS as Attackers Abuse Python and Trusted Platforms
Infostealer campaigns that once focused mainly on Windows are now expanding aggressively to macOS, using Python and trusted platforms to reach new victims. Recent attacks show a clear shift: threat actors are abusing online ads, fake apps, and familiar tools…
GlassWorm Infiltrated VSX Extensions with More than 22,000 Downloads to Attack Developers
GlassWorm has emerged as a serious threat to developers using the Open VSX Registry, where popular VSX extensions were silently turned into delivery vehicles for malware. Threat actors compromised a trusted publisher account and pushed poisoned updates that looked like…
AI-ISAC inches forward under Trump administration
The U.S. government is exploring different options for how the information-sharing organization should work, an official said. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: AI-ISAC inches forward under Trump administration
The Paramilitary ICE and CBP Units at the Center of Minnesota’s Killings
Two agents involved in the shooting deaths of US citizens in Minneapolis are reportedly part of highly militarized DHS units whose extreme tactics are generally reserved for war zones. This article has been indexed from Security Latest Read the original…
How to Verify Domain Ownership: A Technical Deep Dive
Domain ownership verification is a fundamental security mechanism that proves you control a specific domain. Whether you’re setting up email authentication, SSL certificates, or integrating third-party services, understanding domain verification methods is essential for modern web development. In this article,…
Beware of Fake Dropbox Phishing Attack that Harvest Login Credentials
Cybercriminals are launching a dangerous phishing campaign that tricks users into giving away their login credentials by impersonating Dropbox. This attack uses a multi-stage approach to bypass email security checks and content scanners. The threat actors exploit trusted cloud platforms…
National cyber director solicits industry help in fixing regulations, threat information-sharing
WASHINGTON — The U.S. government needs the business community’s help crafting the right cybersecurity strategy, President Donald Trump’s top cybersecurity official said on Tuesday. “We need input from you,” National Cyber Director Sean Cairncross said at an e… This article has…
Critical React Native Metro dev server bug under attack as researchers scream into the void
Too slow react-ion time Baddies are exploiting a critical bug in React Native’s Metro development server to deliver malware to both Windows and Linux machines, and yet the in-the-wild attacks still haven’t received the “broad public acknowledgement” that they should,…
Homeland Security is trying to force tech companies to hand over data about Trump critics
The use of administrative subpoenas, which are not subject to judicial oversight, are used to demand a wealth of information from tech companies, including the owners of anonymous online accounts documenting ICE operations. This article has been indexed from Security…
Adversarial Exposure Validation for Modern Environments
What is Adversarial Exposure Validation? Adversarial Exposure Validation is a structured approach that applies attacker-style actions to confirm how your environment behaves under real pressure. Instead of stopping at detection,… The post Adversarial Exposure Validation for Modern Environments appeared first…
National cyber director solicits industry help in fixing regulations, threat informationsharing
WASHINGTON — The U.S. government needs the business community’s help crafting the right cybersecurity strategy, President Donald Trump’s top cybersecurity official said on Tuesday. “We need input from you,” National Cyber Director Sean Cairncross said at an e… This article has…