Microsoft is rolling out Copilot Chat to Word, Excel, PowerPoint, Outlook, and OneNote for paying Microsoft 365 business customers. […]
Google nukes 224 Android malware apps behind massive ad fraud campaign
A massive Android ad fraud operation dubbed “SlopAds” was disrupted after 224 malicious applications on Google Play were used to generate 2.3 billion ad requests per day. […]
Self-propagating supply chain attack hits 187 npm packages
Security researchers have identified at least 187 npm packages compromised in an ongoing supply chain attack. The coordinated worm-style campaign dubbed ‘Shai-Hulud’ started yesterday with the compromise of the @ctrl/tinycolor npm package, and has now expanded to CrowdStrike’s npm namespace. […]
Chaos Mesh Critical GraphQL Flaws Enable RCE and Full Kubernetes Cluster Takeover
Cybersecurity researchers have disclosed multiple critical security vulnerabilities in Chaos Mesh that, if successfully exploited, could lead to cluster takeover in Kubernetes environments.
“Attackers need only minimal in-cluster network access to exploit these vulnerabilities, execute the platform’s fault injections (such as shutting down pods or disrupting network communications), and perform
“Attackers need only minimal in-cluster network access to exploit these vulnerabilities, execute the platform’s fault injections (such as shutting down pods or disrupting network communications), and perform
Microsoft: WMIC will be removed after Windows 11 25H2 upgrade
Microsoft has announced that the Windows Management Instrumentation Command-line (WMIC) tool will be removed after upgrading to Windows 11 25H2 and later. […]
SlopAds Fraud Ring Exploits 224 Android Apps to Drive 2.3 Billion Daily Ad Bids
A massive ad fraud and click fraud operation dubbed SlopAds ran a cluster of 224 apps, collectively attracting 38 million downloads across 228 countries and territories.
“These apps deliver their fraud payload using steganography and create hidden WebViews to navigate to threat actor-owned cashout sites, generating fraudulent ad impressions and clicks,” HUMAN’s Satori Threat Intelligence and
“These apps deliver their fraud payload using steganography and create hidden WebViews to navigate to threat actor-owned cashout sites, generating fraudulent ad impressions and clicks,” HUMAN’s Satori Threat Intelligence and
Security Analytics Firm Vega Emerges From Stealth With $65M in Funding
Vega provides security analytics and operations solutions designed to help organizations detect and respond to threats.
The post Security Analytics Firm Vega Emerges From Stealth With $65M in Funding appeared first on SecurityWeek.
Team-Wide VMware Certification: Your Secret Weapon for Security
One VMware-certified pro is a win. An entire certified team? That’s a security multiplier. VMUG Advantage makes team-wide certification practical—building collaboration, resilience, and retention. […]
Ray Security Emerges From Stealth With $11M to Bring Real-Time, AI-Driven Data Protection
Tel Aviv, Israel-based Ray Security emerged from stealth with $11 million seed funding and a desire to change the way corporate data is protected. The funding was co-led by Venture Guides and Ibex Investors.
The post Ray Security Emerges From Stealth With $11M to Bring Real-Time, AI-Driven Data Protection appeared first on SecurityWeek.
Jaguar Land Rover extends shutdown after cyberattack by another week
Jaguar Land Rover (JLR) announced today that it will extend the production shutdown for another week, following a devastating cyberattack that impacted its systems at the end of August. […]