GitLab and Atlassian have released patches for over a dozen vulnerabilities in their products, including high-severity bugs.
The post GitLab, Atlassian Patch High-Severity Vulnerabilities appeared first on SecurityWeek.
Anthropic web config hints at Claude Sonnet 4 and Opus 4
Anthropic is secretly working on two new models called Claude Sonnet 4 and Opus 4, which are believed to be the company’s most advanced AI models. […]
OpenAI hints at a big upgrade for ChatGPT Operator Agent
ChatGPT’s Operator, which is still in research preview, will soon become a “very useful tool,” according to Jerry Tworek, VP of Research at OpenAI. […]
Critical Samlify SSO flaw lets attackers log in as admin
A critical Samlify authentication bypass vulnerability has been discovered that allows attackers to impersonate admin users by injecting unsigned malicious assertions into legitimately signed SAML responses. […]
Russian hackers breach orgs to track aid routes to Ukraine
A Russian state-sponsored cyberespionage campaign attributed to APT28 (Fancy Bear/Forest Blizzard) hackers has been targeting and compromising international organizations since 2022 to disrupt aid efforts to Ukraine. […]
CISA Says Russian Hackers Targeting Western Supply-Lines to Ukraine
Russian military intelligence hackers intensify targeting of Western logistics and technology companies moving supplies into Ukraine.
The post CISA Says Russian Hackers Targeting Western Supply-Lines to Ukraine appeared first on SecurityWeek.
Russia to enforce location tracking app on all foreigners in Moscow
The Russian government has introduced a new law that makes installing a tracking app mandatory for all foreign nationals in the Moscow region. […]
Microsoft Sinkholes Domains, Disrupts Notorious ‘Lumma Stealer’ Malware Operation
Redmond’s threat hunters found 394,000 Windows systems talking to Lumma controllers, a victim pool included global manufacturers.
The post Microsoft Sinkholes Domains, Disrupts Notorious ‘Lumma Stealer’ Malware Operation appeared first on SecurityWeek.
Russian Hackers Exploit Email and VPN Vulnerabilities to Spy on Ukraine Aid Logistics
Russian cyber threat actors have been attributed to a state-sponsored campaign targeting Western logistics entities and technology companies since 2022.
The activity has been assessed to be orchestrated by APT28 (aka BlueDelta, Fancy Bear, or Forest Blizzard), which is linked to the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center, Military Unit 26165.
The activity has been assessed to be orchestrated by APT28 (aka BlueDelta, Fancy Bear, or Forest Blizzard), which is linked to the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center, Military Unit 26165.
3AM ransomware uses spoofed IT calls, email bombing to breach networks
A 3AM ransomware affiliate is conducting highly targeted attacks using email bombing and spoofed IT support calls to socially engineer employees into giving credentials for remote access to corporate systems. […]