Many organizations still struggle to patch fast enough to prevent breaches. Join us December 2 at 2PM ET to learn how modern patch management strategies can reduce risk and close the remediation gap. […]
Honoring Our Veteran Readers: Thank You for Your Service
Your dedication to service, teamwork, and resilience is woven into the very fabric of cybersecurity.
The post Honoring Our Veteran Readers: Thank You for Your Service appeared first on SecurityWeek.
‘Whisper Leak’ LLM Side-Channel Attack Infers User Prompt Topics
Attackers intercepting network traffic can determine the conversation topic with a chatbot despite end-to-end encrypted communication.
The post ‘Whisper Leak’ LLM Side-Channel Attack Infers User Prompt Topics appeared first on SecurityWeek.
CISO’s Expert Guide To AI Supply Chain Attacks
AI-enabled supply chain attacks jumped 156% last year. Discover why traditional defenses are failing and what CISOs must do now to protect their organizations.
Download the full CISO’s expert guide to AI Supply chain attacks here.
TL;DR
Download the full CISO’s expert guide to AI Supply chain attacks here.
TL;DR
AI-enabled supply chain attacks are exploding in scale and sophistication – Malicious package uploads to open-source repositories jumped 156% in
Researchers Detect Malicious npm Package Targeting GitHub-Owned Repositories
Cybersecurity researchers have discovered a malicious npm package named “@acitons/artifact” that typosquats the legitimate “@actions/artifact” package with the intent to target GitHub-owned repositories.
“We think the intent was to have this script execute during a build of a GitHub-owned repository, exfiltrate the tokens available to the build environment, and then use those tokens to publish
“We think the intent was to have this script execute during a build of a GitHub-owned repository, exfiltrate the tokens available to the build environment, and then use those tokens to publish
Android Trojan ‘Fantasy Hub’ Malware Service Turns Telegram Into a Hub for Hackers
Cybersecurity researchers have disclosed details of a new Android remote access trojan (RAT) called Fantasy Hub that’s sold on Russian-speaking Telegram channels under a Malware-as-a-Service (MaaS) model.
According to its seller, the malware enables device control and espionage, allowing threat actors to collect SMS messages, contacts, call logs, images, and videos, as well as intercept, reply,
According to its seller, the malware enables device control and espionage, allowing threat actors to collect SMS messages, contacts, call logs, images, and videos, as well as intercept, reply,
APT37 hackers abuse Google Find Hub in Android data-wiping attacks
North Korean hackers from the KONNI activity cluster are abusing Google’s Find Hub tool to track their targets’ GPS positions and trigger remote factory resets of Android devices. […]
Mozilla Firefox gets new anti-fingerprinting defenses
Mozilla announced a major privacy upgrade in Firefox 145 that reduces even more the number of users vulnerable to digital fingerprinting. […]
Quantum Route Redirect PhaaS targets Microsoft 365 users worldwide
A new phishing automation platform named Quantum Route Redirect is using around 1,000 domains to steal Microsoft 365 users’ credentials. […]
Hackers Exploiting Triofox Flaw to Install Remote Access Tools via Antivirus Feature
Google’s Mandiant Threat Defense on Monday said it discovered n-day exploitation of a now-patched security flaw in Gladinet’s Triofox file-sharing and remote access platform.
The critical vulnerability, tracked as CVE-2025-12480 (CVSS score: 9.1), allows an attacker to bypass authentication and access the configuration pages, resulting in the upload and execution of arbitrary payloads.
The
The critical vulnerability, tracked as CVE-2025-12480 (CVSS score: 9.1), allows an attacker to bypass authentication and access the configuration pages, resulting in the upload and execution of arbitrary payloads.
The