Several ransomware groups have been spotted using a packer-as-a-service (PaaS) platform named Shanya to assist in EDR (endpoint detection and response) killing operations. […]
Malicious VSCode extensions on Microsoft’s registry drop infostealers
Two malicious extensions on Microsoft’s Visual Studio Code Marketplace infect developers’ machines with information-stealing malware that can take screenshots, steal credentials, and hijack browser sessions. […]
FinCEN says ransomware gangs extorted over $2.1B from 2022 to 2024
A new report by the Financial Crimes Enforcement Network (FinCEN) shows that ransomware activity peaked in 2023 before falling in 2024, following a series of law enforcement actions targeting the ALPHV/BlackCat and LockBit ransomware gangs. […]
Poland arrests Ukrainians utilizing ‘advanced’ hacking equipment
The police in Poland arrested three Ukrainian nationals for allegedly attempting to damage IT systems in the country using hacking equipment and for obtaining “computer data of particular importance to national defense.” […]
Google Chrome adds new security layer for Gemini AI agentic browsing
Google Chrome is introducing a new security architecture designed to protect upcoming agentic AI browsing features powered by Gemini. […]
Google Fortifies Chrome Agentic AI Against Indirect Prompt Injection Attacks
Chrome’s new agentic browsing protections include user alignment critic, expanded origin-isolation capabilities, and user confirmations.
The post Google Fortifies Chrome Agentic AI Against Indirect Prompt Injection Attacks appeared first on SecurityWeek.
Experts Confirm JS#SMUGGLER Uses Compromised Sites to Deploy NetSupport RAT
Cybersecurity researchers are calling attention to a new campaign dubbed JS#SMUGGLER that has been observed leveraging compromised websites as a distribution vector for a remote access trojan named NetSupport RAT.
The attack chain, analyzed by Securonix, involves three main moving parts: An obfuscated JavaScript loader injected into a website, an HTML Application (HTA) that runs encrypted
The attack chain, analyzed by Securonix, involves three main moving parts: An obfuscated JavaScript loader injected into a website, an HTML Application (HTA) that runs encrypted
How Agentic BAS AI Turns Threat Headlines Into Defense Strategies
Picus Security explains why relying on LLM-generated attack scripts is risky and how an agentic approach maps real threat intel to safe, validated TTPs. Their breakdown shows how teams can turn headline threats into reliable defense checks without unsafe automation. […]
CISO Conversations: Keith McCammon, CSO and Co-founder at Red Canary
From a basement computer lab to the C-Suite: How Keith McCammon built his career and Red Canary with zero formal training.
The post CISO Conversations: Keith McCammon, CSO and Co-founder at Red Canary appeared first on SecurityWeek.
Resemble AI Raises $13 Million for AI Threat Detection
The cybersecurity startup will use the investment to accelerate product development and fuel global expansion.
The post Resemble AI Raises $13 Million for AI Threat Detection appeared first on SecurityWeek.