Vulnerabilities with high to critical severity ratings affecting popular Visual Studio Code (VSCode) extensions collectively downloaded more than 128 million times could be exploited to steal local files and execute code remotely. […]
Chinese hackers exploiting Dell zero-day flaw since mid-2024
A suspected Chinese state-backed hacking group has been quietly exploiting a critical Dell security flaw in zero-day attacks that started in mid-2024. […]
Notepad++ boosts update security with ‘double-lock’ mechanism
Notepad++ has adopted a “double-lock” design for its update mechanism to address recently exploited security gaps that resulted in a supply-chain compromise. […]
Researchers Show Copilot and Grok Can Be Abused as Malware C2 Proxies
Cybersecurity researchers have disclosed that artificial intelligence (AI) assistants that support web browsing or URL fetching capabilities can be turned into stealthy command-and-control (C2) relays, a technique that could allow attackers to blend into legitimate enterprise communications and evade detection.
The attack method, which has been demonstrated against Microsoft Copilot and xAI Grok
The attack method, which has been demonstrated against Microsoft Copilot and xAI Grok
Keenadu Firmware Backdoor Infects Android Tablets via Signed OTA Updates
A new Android backdoor that’s embedded deep into the device firmware can silently harvest data and remotely control its behavior, according to new findings from Kaspersky.
The Russian cybersecurity vendor said it discovered the backdoor, dubbed Keenadu, in the firmware of devices associated with various brands, including Alldocube, with the compromise occurring during the firmware build phase.
The Russian cybersecurity vendor said it discovered the backdoor, dubbed Keenadu, in the firmware of devices associated with various brands, including Alldocube, with the compromise occurring during the firmware build phase.
VulnCheck Raises $25 Million in Series B Funding to Scale Vulnerability Intelligence
The latest funding round was led by Sorenson Capital and brings the total investment to $45 million.
The post VulnCheck Raises $25 Million in Series B Funding to Scale Vulnerability Intelligence appeared first on SecurityWeek.
Microsoft Teams outage affects users in United States, Europe
Microsoft is working to resolve an ongoing outage affecting Microsoft Teams users, causing delays and preventing some from accessing the service. […]
Hackers Offer to Sell Millions of Eurail User Records
Eurail has confirmed that the stolen data is up for sale, but it’s still trying to determine how many individuals are impacted.
The post Hackers Offer to Sell Millions of Eurail User Records appeared first on SecurityWeek.
What 5 Million Apps Revealed About Secrets in JavaScript
Leaked API keys are nothing new, but the scale of the problem in front-end code has been largely a mystery – until now. Intruder’s research team built a new secrets detection method and scanned 5 million applications specifically looking for secrets hidden in JavaScript bundles. Here’s what we learned. […]
New Keenadu backdoor found in Android firmware, Google Play apps
A newly discovered and sophisticated Android malware called Keenadu has been found embedded in firmware from multiple device brands, enabling it to compromise all installed applications and gain unrestricted control over infected devices. […]