brangberg – Page 10

TrueConf Zero-Day Exploited in Attacks on Southeast Asian Government Networks

A high-severity security flaw in the TrueConf client video conferencing software has been exploited in the wild as a zero-day as part of a campaign targeting government entities in Southeast Asia dubbed TrueChaos.
The vulnerability in question is CVE-2026-3502 (CVSS score: 7.8), a lack of integrity check when fetching application update code, allowing an attacker to distribute a tampered update,

Censys Raises $70 Million for Internet Intelligence Platform

The latest funding round brings the total venture capital investment in Censys to $149 million.

The post Censys Raises $70 Million for Internet Intelligence Platform appeared first on SecurityWeek.

The Next Cybersecurity Crisis Isn’t Breaches—It’s Data You Can’t Trust

Data integrity shouldn’t be seen only through the prism of a technical concern but also as a leadership issue.

The post The Next Cybersecurity Crisis Isn’t Breaches—It’s Data You Can’t Trust appeared first on SecurityWeek.

Stolen Logins Are Fueling Everything From Ransomware to Nation-State Cyberattacks

Report shows how industrialized credential theft underpins ransomware, SaaS breaches, and geopolitical attacks, shifting security focus from prevention to detecting misuse of legitimate access.

The post Stolen Logins Are Fueling Everything From Ransomware to Nation-State Cyberattacks appeared first on SecurityWeek.

Venom Stealer Raises Stakes With Continuous Credential Harvesting

Licensed malware with built-in persistence and automation enables attackers to continuously siphon credentials, session data, and cryptocurrency assets.

The post Venom Stealer Raises Stakes With Continuous Credential Harvesting appeared first on SecurityWeek.

How to Categorize AI Agents and Prioritize Risk

AI agent risk isn’t equal, it scales with access to systems and level of autonomy. Token Security explains how CISOs should categorize agents and prioritize what to secure first. […]

TeamPCP Moves From OSS to AWS Environments

After validating stolen credentials using TruffleHog, the hacking group started AWS services enumeration and lateral movement activities.

The post TeamPCP Moves From OSS to AWS Environments appeared first on SecurityWeek.

Hackers compromise Axios npm package to drop cross-platform malware

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver remote access trojans to Linux, Windows, and macOS systems. […]

CrewAI Vulnerabilities Expose Devices to Hacking

Attackers can exploit the bugs through prompt injection, chaining them together to escape the sandbox and execute arbitrary code.

The post CrewAI Vulnerabilities Expose Devices to Hacking appeared first on SecurityWeek.

Vertex AI Vulnerability Exposes Google Cloud Data and Private Artifacts

Cybersecurity researchers have disclosed a security “blind spot” in Google Cloud’s Vertex AI platform that could allow artificial intelligence (AI) agents to be weaponized by an attacker to gain unauthorized access to sensitive data and compromise an organization’s cloud environment.
According to Palo Alto Networks Unit 42, the issue relates to how the Vertex AI permission model can be misused

Author: brangberg