ChatGPT o3, which has been available via API, is now 80% cheaper for developers, and there’s no visible impact on performance. […]
SmartAttack uses smartwatches to steal data from air-gapped systems
A new attack dubbed ‘SmartAttack’ uses smartwatches as a covert ultrasonic signal receiver to exfiltrate data from physically isolated (air-gapped) systems. […]
Erie Insurance confirms cyberattack behind business disruptions
Erie Insurance and Erie Indemnity Company have disclosed that a weekend cyberattack is behind the recent business disruptions and platform outages on its website. […]
Zero-click AI data leak flaw uncovered in Microsoft 365 Copilot
A new attack dubbed ‘EchoLeak’ is the first known zero-click AI vulnerability that enables attackers to exfiltrate sensitive data from Microsoft 365 Copilot from a user’s context without interaction. […]
Former Black Basta Members Use Microsoft Teams and Python Scripts in 2025 Attacks
Former members tied to the Black Basta ransomware operation have been observed sticking to their tried-and-tested approach of email bombing and Microsoft Teams phishing to establish persistent access to target networks.
“Recently, attackers have introduced Python script execution alongside these techniques, using cURL requests to fetch and deploy malicious payloads,” ReliaQuest said in a report
“Recently, attackers have introduced Python script execution alongside these techniques, using cURL requests to fetch and deploy malicious payloads,” ReliaQuest said in a report
Hackers exploited Windows WebDav zero-day to drop malware
An APT hacking group known as ‘Stealth Falcon’ exploited a Windows WebDav RCE vulnerability in zero-day attacks since March 2025 against defense and government organizations in Turkey, Qatar, Egypt, and Yemen. […]
Microsoft creates separate Windows 11 24H2 update for incompatible PCs
Microsoft confirmed on Tuesday that it’s pushing a revised security update targeting some Windows 11 24H2 systems incompatible with the initial update released during this month’s Patch Tuesday. […]
Securonix Acquires Threat Intelligence Firm ThreatQuotient
Cybersecurity heavyweight Securonix acquires ThreatQuotient to boost plans to build an all-in-one security operations stack.
The post Securonix Acquires Threat Intelligence Firm ThreatQuotient appeared first on SecurityWeek.
Maze Banks $25M to Tackle Cloud Security with AI Agents
Maze and its investors are betting on finding profits in software that uses AI-powered agents to automate critical parts of the process.
The post Maze Banks $25M to Tackle Cloud Security with AI Agents appeared first on SecurityWeek.
Brute-force attacks target Apache Tomcat management panels
A coordinated campaign of brute-force attacks using hundreds of unique IP addresses targets Apache Tomcat Manager interfaces exposed online. […]