A China-aligned APT threat actor named “TheWizards” abuses an IPv6 networking feature to launch adversary-in-the-middle (AitM) attacks that hijack software updates to install Windows malware. […]
WordPress plugin disguised as a security tool injects backdoor
A new malware campaign targeting WordPress sites employs a malicious plugin disguised as a security tool to trick users into installing and trusting it. […]
WhatsApp unveils ‘Private Processing’ for cloud-based AI features
WhatsApp has announced the introduction of ‘Private Processing,’ a new technology that enables users to utilize advanced AI features by offloading tasks to privacy-preserving cloud servers. […]
SonicWall: SMA100 VPN vulnerabilities now exploited in attacks
Cybersecurity company SonicWall has warned customers that several vulnerabilities impacting its Secure Mobile Access (SMA) appliances are now being actively exploited in attacks. […]
Commvault says recent breach didn’t impact customer backup data
Commvault, a leading provider of data protection solutions, says a nation-state threat actor who breached its Azure environment didn’t gain access to customer backup data. […]
FBI shares massive list of 42,000 LabHost phishing domains
The FBI has shared 42,000 phishing domains tied to the LabHost cybercrime platform, one of the largest global phishing-as-a-service (PhaaS) platforms that was dismantled in April 2024. […]
Researchers Demonstrate How MCP Prompt Injection Can Be Used for Both Attack and Defense
As the field of artificial intelligence (AI) continues to evolve at a rapid pace, new research has found how techniques that render the Model Context Protocol (MCP) susceptible to prompt injection attacks could be used to develop security tooling or identify malicious tools, according to a new report from Tenable.
MCP, launched by Anthropic in November 2024, is a framework designed to connect
Tech Giants Propose Standard For End-of-Life Security Disclosures
The OpenEoX model proposes a shared data format that can be integrated into SBOMs, security advisories, and other ecosystem tools.
The post Tech Giants Propose Standard For End-of-Life Security Disclosures appeared first on SecurityWeek.
UK retailer Co-op shuts down some IT systems after hack attempt
British supermarket chain Co-op Food has confirmed to BleepingComputer via a statement that it has suffered limited operational disruption as it responds to a cyberattack. […]
Ascension discloses new data breach after third-party hacking incident
Ascension, one of the largest private healthcare systems in the United States, is notifying patients that their personal and health information was stolen in a December 2024 data theft attack, which affected a former business partner. […]
