Russia-linked APT28 has been exploiting mail server vulnerabilities against government and defense entities since September 2023.
The post Russian APT Exploiting Mail Servers Against Government, Defense Organizations appeared first on SecurityWeek.
FBI Warns of Deepfake Messages Impersonating Senior Officials
The FBI says former federal and state government officials are targeted with texts and AI-generated voice messages impersonating senior US officials.
The post FBI Warns of Deepfake Messages Impersonating Senior Officials appeared first on SecurityWeek.
Researchers Expose New Intel CPU Flaws Enabling Memory Leaks and Spectre v2 Attacks
Researchers at ETH Zürich have discovered yet another security flaw that they say impacts all modern Intel CPUs and causes them to leak sensitive data from memory, showing that the vulnerability known as Spectre continues to haunt computer systems after more than seven years.
The vulnerability, referred to as Branch Privilege Injection (BPI), “can be exploited to misuse the prediction
The vulnerability, referred to as Branch Privilege Injection (BPI), “can be exploited to misuse the prediction
US charges 12 more suspects linked to $230 million crypto theft
Twelve more suspects were charged in a RICO conspiracy for their alleged involvement in the theft of over $230 million in cryptocurrency and laundering the funds using crypto exchanges and mixing services. […]
CISA tags recently patched Chrome bug as actively exploited
On Thursday, CISA warned U.S. federal agencies to secure their systems against ongoing attacks exploiting a high-severity vulnerability in the Chrome web browser. […]
Fileless Remcos RAT Delivered via LNK Files and MSHTA in PowerShell-Based Attacks
Cybersecurity researchers have shed light on a new malware campaign that makes use of a PowerShell-based shellcode loader to deploy a remote access trojan called Remcos RAT.
“Threat actors delivered malicious LNK files embedded within ZIP archives, often disguised as Office documents,” Qualys security researcher Akshay Thorve said in a technical report. “The attack chain leverages mshta.exe for
“Threat actors delivered malicious LNK files embedded within ZIP archives, often disguised as Office documents,” Qualys security researcher Akshay Thorve said in a technical report. “The attack chain leverages mshta.exe for
[Webinar] From Code to Cloud to SOC: Learn a Smarter Way to Defend Modern Applications
Modern apps move fast—faster than most security teams can keep up. As businesses rush to build in the cloud, security often lags behind. Teams scan code in isolation, react late to cloud threats, and monitor SOC alerts only after damage is done.
Attackers don’t wait. They exploit vulnerabilities within hours. Yet most organizations take days to respond to critical cloud alerts. That delay isn’t
Attackers don’t wait. They exploit vulnerabilities within hours. Yet most organizations take days to respond to critical cloud alerts. That delay isn’t
Hackers Win $260,000 on First Day of Pwn2Own Berlin 2025
Pwn2Own participants have earned tens of thousands of dollars for Red Hat, Windows, Oracle VirtualBox, Docker Desktop, and AI exploits.
The post Hackers Win $260,000 on First Day of Pwn2Own Berlin 2025 appeared first on SecurityWeek.
Leak confirms OpenAI’s ChatGPT will integrate MCP
ChatGPT is testing support for Model Context Protocol (MCP), which will allow the AI to connect to third-party services and use them as context. […]
ChatGPT will soon record, transcribe, and summarize your meetings
OpenAI may be planning to challenge Microsoft Teams Copilot integration with a new “Record” feature in ChatGPT. […]