Dragos has published a report describing how threat actors used Claude AI in an attack on a water and drainage utility in Mexico.
The post Claude AI Guided Hackers Toward OT Assets During Water Utility Intrusion appeared first on SecurityWeek.
vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution
A dozen critical security vulnerabilities have been disclosed in the vm2 Node.js library that could be exploited by bad actors to break out of the sandbox and execute arbitrary code on susceptible systems.
vm2 is an open-source library used to run untrusted JavaScript code inside a secure sandbox by intercepting and proxying JavaScript objects to prevent sandboxed code from accessing the host
vm2 is an open-source library used to run untrusted JavaScript code inside a secure sandbox by intercepting and proxying JavaScript objects to prevent sandboxed code from accessing the host
Hackers abuse Google ads for GoDaddy ManageWP login phishing
A phishing campaign delivered through Google sponsored search results is targeting credentials for ManageWP, GoDaddy’s platform for managing fleets of WordPress websites. […]
Mirai-Based xlabs_v1 Botnet Exploits ADB to Hijack IoT Devices for DDoS Attacks
Cybersecurity researchers have exposed a new Mirai-derived botnet that self-identifies as xlabs_v1 and targets internet-exposed devices running Android Debug Bridge (ADB) to enlist them in a network capable of carrying out distributed denial-of-service (DDoS) attacks.
Hunt.io, which detailed the malware, said it made the discovery after identifying an exposed directory on a Netherlands-hosted
Hunt.io, which detailed the malware, said it made the discovery after identifying an exposed directory on a Netherlands-hosted
Critical vm2 sandbox bug lets attackers execute code on hosts
A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary code on the host system. […]
New Cisco DoS flaw requires manual reboot to revive devices
Cisco patched a Crosswork Network Controller and Network Services Orchestrator denial-of-service vulnerability that requires manually rebooting targeted systems for recovery. […]
DAEMON Tools devs confirm breach, release malware-free version
Disc Soft Limited, the maker of DAEMON Tools Lite, confirmed that the software had been trojanized in a supply chain attack and released a new, malware-free version. […]
Autonomous Offensive Security Firm XBOW Raises $35 Million
The company raised another $35 million as an extension to its previously announced Series C funding round.
The post Autonomous Offensive Security Firm XBOW Raises $35 Million appeared first on SecurityWeek.
Why ransomware attacks succeed even when backups exist
Backups don’t fail because they’re missing, they fail because attackers destroy them first. Acronis explains how ransomware targets backup systems before encryption, leaving no path to recovery. […]
Herd Security Raises $3 Million for AI-Powered Training Platform
The startup will invest in expanding its training categories, optimizing video generation, and growing its partnership ecosystem.
The post Herd Security Raises $3 Million for AI-Powered Training Platform appeared first on SecurityWeek.