Microsoft says that the File Explorer (formerly Windows Explorer) now automatically blocks previews for files downloaded from the Internet to block credential theft attacks via malicious documents. […]
North Korean Hackers Lure Defense Engineers With Fake Jobs to Steal Drone Secrets
Threat actors with ties to North Korea have been attributed to a new wave of attacks targeting European companies active in the defense industry as part of a long-running campaign known as Operation Dream Job.
“Some of these [companies’ are heavily involved in the unmanned aerial vehicle (UAV) sector, suggesting that the operation may be linked to North Korea’s current efforts to scale up its
“Some of these [companies’ are heavily involved in the unmanned aerial vehicle (UAV) sector, suggesting that the operation may be linked to North Korea’s current efforts to scale up its
Russian Government Now Actively Managing Cybercrime Groups: Security Firm
The relationship between the Russian government and cybercriminal groups has evolved from passive tolerance.
The post Russian Government Now Actively Managing Cybercrime Groups: Security Firm appeared first on SecurityWeek.
Zero Trust Has a Blind Spot—Your AI Agents
AI agents now act, decide, and access systems on their own — creating new blind spots Zero Trust can’t see. Token Security helps organizations govern AI identities so every agent’s access, intent, and action are verified and accountable. […]
Spoofed AI sidebars can trick Atlas, Comet users into dangerous actions
OpenAI’s Atlas and Perplexity’s Comet browsers are vulnerable to AI sidebar spoofing attacks that mislead users into following fake AI-generated instructions. […]
AI Sidebar Spoofing Puts ChatGPT Atlas, Perplexity Comet and Other Browsers at Risk
SquareX has shown how malicious browser extensions can impersonate AI sidebar interfaces.
The post AI Sidebar Spoofing Puts ChatGPT Atlas, Perplexity Comet and Other Browsers at Risk appeared first on SecurityWeek.
North Korean Lazarus hackers targeted European defense companies
North Korean Lazarus hackers compromised three European companies in the defense sector through a coordinated Operation DreamJob campaign leveraging fake recruitment lures. […]
Secure AI at Scale and Speed — Learn the Framework in this Free Webinar
AI is everywhere—and your company wants in. Faster products, smarter systems, fewer bottlenecks. But if you’re in security, that excitement often comes with a sinking feeling.
Because while everyone else is racing ahead, you’re left trying to manage a growing web of AI agents you didn’t create, can’t fully see, and weren’t designed to control.
Join our upcoming webinar and learn how to make AI
Because while everyone else is racing ahead, you’re left trying to manage a growing web of AI agents you didn’t create, can’t fully see, and weren’t designed to control.
Join our upcoming webinar and learn how to make AI
ThreatsDay Bulletin: $176M Crypto Fine, Hacking Formula 1, Chromium Vulns, AI Hijack & More
Criminals don’t need to be clever all the time; they just follow the easiest path in: trick users, exploit stale components, or abuse trusted systems like OAuth and package registries. If your stack or habits make any of those easy, you’re already a target.
This week’s ThreatsDay highlights show exactly how those weak points are being exploited — from overlooked
This week’s ThreatsDay highlights show exactly how those weak points are being exploited — from overlooked
Vibe Coding’s Real Problem Isn’t Bugs—It’s Judgment
As AI coding tools flood enterprises with functional but flawed software, researchers urge embedding security checks directly into the AI workflow.
The post Vibe Coding’s Real Problem Isn’t Bugs—It’s Judgment appeared first on SecurityWeek.