The recommended Ripple cryptocurrency NPM JavaScript library named “xrpl.js” was compromised to steal XRP wallet seeds and private keys and transfer them to an attacker-controlled server, allowing threat actors to steal all the funds stored in the wallets. […]
Cloud Data Security Play Sentra Raises $50 Million Series B
Sentra has now raised north of $100 million for controls technology to keep sensitive data out of misconfigured AI workflows.
The post Cloud Data Security Play Sentra Raises $50 Million Series B appeared first on SecurityWeek.
DataKrypto Launches Homomorphic Encryption Framework to Secure Enterprise AI Models
DataKrypto’s FHEnom for AI combines real-time homomorphic encryption with trusted execution environments to protect enterprise data and models from leakage, exposure, and tampering.
The post DataKrypto Launches Homomorphic Encryption Framework to Secure Enterprise AI Models appeared first on SecurityWeek.
Cookie-Bite attack PoC uses Chrome extension to steal session tokens
A proof-of-concept attack called “Cookie-Bite” uses a browser extension to steal browser session cookies from Azure Entra ID to bypass multi-factor authentication (MFA) protections and maintain access to cloud services like Microsoft 365, Outlook, and Teams. […]
Cyberattack Knocks Texas City’s Systems Offline
The city of Abilene, Texas, is scrambling to restore systems that have been taken offline in response to a cyberattack.
The post Cyberattack Knocks Texas City’s Systems Offline appeared first on SecurityWeek.
GCP Cloud Composer Bug Let Attackers Elevate Access via Malicious PyPI Packages
Cybersecurity researchers have detailed a now-patched vulnerability in Google Cloud Platform (GCP) that could have enabled an attacker to elevate their privileges in the Cloud Composer workflow orchestration service that’s based on Apache Airflow.
“This vulnerability lets attackers with edit permissions in Cloud Composer to escalate their access to the default Cloud Build service account, which
“This vulnerability lets attackers with edit permissions in Cloud Composer to escalate their access to the default Cloud Build service account, which
SSL.com Scrambles to Patch Certificate Issuance Vulnerability
A vulnerability in SSL.com has resulted in nearly a dozen certificates for legitimate domains being wrongly issued.
The post SSL.com Scrambles to Patch Certificate Issuance Vulnerability appeared first on SecurityWeek.
Open Source Security Firm Hopper Emerges From Stealth With $7.6M in Funding
Hopper has emerged from stealth mode with a solution designed to help organizations manage open source software risk.
The post Open Source Security Firm Hopper Emerges From Stealth With $7.6M in Funding appeared first on SecurityWeek.
Many Malware Campaigns Linked to Proton66 Network
Security researchers detail various malware campaigns that use bulletproof services linked to Proton66 ASN.
The post Many Malware Campaigns Linked to Proton66 Network appeared first on SecurityWeek.
Legacy Google Service Abused in Phishing Attacks
A sophisticated phishing campaign abuses weakness in Google Sites to spoof Google no-reply addresses and bypass protections.
The post Legacy Google Service Abused in Phishing Attacks appeared first on SecurityWeek.