
From The Hacker News · 29 stories

1 source 1 report 1d ago

VEIL#DROP Malware Uses Blogger to Deliver PureLogs Info Stealer

A new malware delivery chain, named VEIL#DROP, employs social engineering and Blogger pages to deploy the PureLogs Stealer. The use of legitimate platforms enables attackers to circumvent traditional defenses and execute remote payloads silently.

security malware infostealer Blogger cybersecurity
1 source 1 report 1d ago

Ousaban Banking Trojan Targets Iberian Bank Users with Fake PDF Lures

The Ousaban banking trojan is targeting Windows users in Spain and Portugal through phishing PDFs designed to look like corrupted files. This malware can capture sensitive information during online banking sessions, posing a significant threat to users' accounts.

security banking trojan malware
1 source 1 report 1d ago

2026 Cybersecurity Assessment Reveals Awareness vs. Resilience Gap

The 2026 Bitdefender Cybersecurity Assessment reveals significant discrepancies between organizations' awareness of cyber risks and their actual resilience capabilities. While there is broad acknowledgment of AI's role in cybersecurity, many teams struggle to effectively reduce their attack surfaces and maintain visibility into AI usage, highlighting a critical sector challenge.

security cybersecurity ai risk management business resilience
1 source 1 report 1d ago

Microsoft Accelerates Post-Quantum Cryptography Roadmap to 2029

Microsoft is fast-tracking its quantum-safe security roadmap, aiming for post-quantum cryptography by 2029 in response to advances in quantum computing. This update could significantly impact encryption standards and security protocols across the tech industry.

security quantum encryption microsoft
1 source 1 report 1d ago

AI-Generated Domains Used in Phishing Attacks via Phantom Squatting

Attackers are purchasing domains created by AI models before anyone else, leveraging misplaced trust from users. This tactic, termed 'phantom squatting' by Palo Alto Networks' Unit 42, poses significant risks as AI-generated links can mislead users into visiting malicious sites.

security ai
1 source 1 report 2d ago

Microsoft Identifies Risks from Poisoned MCP Tool Descriptions for AI Agents

Microsoft research reveals that poisoned tool descriptions can enable attackers to coerce AI agents into leaking sensitive data without triggering alarms. This issue arises particularly as companies empower AI agents for more complex tasks, highlighting vulnerabilities in the Model Context Protocol (MCP).

security ai microsoft data leakage
1 source 1 report 2d ago

RustDuck Botnet Targets Routers and Servers with Two-Stage Malware

The RustDuck botnet is hijacking devices like routers and cameras to execute DDoS attacks. Its significance lies in its rapid evolution and the transition from C to Rust, making analysis more difficult.

security malware botnet ddos cybersecurity
1 source 1 report 2d ago

Silent Swap Crypto Clipper Targets Users via Fake Google Notes Extension

Cybersecurity researchers identified the Silent Swap crypto clipper campaign, which uses a fake 'Google Notes' extension to steal cryptocurrency. The campaign replaces wallet addresses during transactions, leading to irreversible financial losses for victims.

security cryptocurrency malware cybersecurity web
1 source 1 report 2d ago

Study Reveals 282 iOS AI Apps Expose API Keys and Access Tokens

A study found that 282 of 444 tested iOS AI chatbot apps leaked API keys through network traffic, enabling unauthorized access. This exposes developers to financial risks and highlights security vulnerabilities amidst the growing reliance on AI applications.

security ios ai apps
1 source 1 report 2d ago

Cyber Risks Identified Ahead of FIFA World Cup 2026

A recent report reveals significant cyber threats targeting the FIFA World Cup 2026, including email spoofing risks and a surge in fake sportsbook apps. With many partners lacking sufficient protections, this exposes critical vulnerabilities within the event's supply chain, posing a major risk to financial transactions.

security cybersecurity fifa worldcup fraud
1 source 1 report 2d ago

Attackers Exploit SimpleHelp CVE-2026-48558 to Deploy TaskWeaver and Djinn Stealer

An exploit of the critical authentication bypass vulnerability CVE-2026-48558 in SimpleHelp has allowed attackers to deploy TaskWeaver and Djinn Stealer malware. This intrusion showcases the importance of securing remote monitoring software, as compromised systems can lead to severe data theft.

security simplehelp vulnerability malware
1 source 1 report 2d ago

Malicious Chrome Extension Logged User Searches Under Perplexity Name

Microsoft discovered a malicious Chrome extension pretending to be Perplexity that intercepted user searches and address bar input. This extension logged every search query and typed character before redirecting users to legitimate search engines, posing a significant data privacy risk.

security chrome malware extensions
1 source 1 report 2d ago

Apple Releases Security Updates for 30+ iOS, macOS, Safari Vulnerabilities

Apple released security updates for iOS, macOS, and Safari fixing over 30 vulnerabilities, including four WebKit flaws uncovered using AI tools. This marks a proactive approach from Apple in response to potential AI-enhanced exploitation techniques.

security apple ios updates
1 source 1 report 2d ago

Over 236,000 DCloud Sites Linked to Cryptocurrency Scams and Phishing

Infoblox reports that over 236,000 websites employing DCloud Uni-App templates are involved in scams. These include cryptocurrency exchanges, phishing networks, and wallet drainers, raising significant security concerns.

security scams cybersecurity fraud DCloud
1 source 1 report 2d ago

Urgency Grows for Quantum-Resistant Cryptography Amid Quantum Threats

Organizations must adapt to post-quantum cryptography as public-key systems will be vulnerable to quantum computers. With cryptographically relevant quantum computers potentially available within 15 years, industries face pressures to upgrade security protocols before major deadlines set by agencies like the NSA and NIST.

security quantum cryptography data
1 source 1 report 2d ago

Gamaredon Intensifies Cyber Attacks on Ukraine with New Malware Techniques

Gamaredon, a Russian APT group, has expanded its cyber attacks against Ukraine with new malware and tactics throughout 2025. The group has conducted 35 spear-phishing campaigns aimed at Ukrainian governmental and military institutions, focusing on exfiltrating sensitive data that could serve Russian interests in the ongoing conflict.

security gamaredon malware cybersecurity ukraine
1 source 1 report 4d ago

Ukraine and FBI Uncover Russian Intelligence Messaging Credential Theft Campaign

The Security Service of Ukraine, in collaboration with the FBI, revealed a Russian intelligence operation targeting messaging accounts of officials and civilians. The attackers used fake support messages to coax victims into revealing sensitive credentials.

security cybersecurity phishing russia ukraine
1 source 1 report 4d ago

New SharkLoader Malware Used to Deploy Cobalt Strike in Global Cyberattacks

Kaspersky reports a new malware called SharkLoader is being used to deploy Cobalt Strike in cyber attack campaigns. Targeting various sectors in multiple countries, the campaign reveals a significant and global threat landscape potentially linked to a Chinese-speaking threat actor.

security CobaltStrike cybersecurity malware threats
1 source 1 report 4d ago

Chinese APT CL-STA-1062 Uses TinyRCT Backdoor in Southeast Asia Cyber Campaign

A Chinese-speaking APT known as CL-STA-1062 has been linked to a new backdoor, TinyRCT, targeting government and critical infrastructure in Southeast Asia. This development highlights a sustained threat environment for state entities in the region.

security apt backdoor cybersecurity hacking
1 source 1 report 4d ago

Amazon Q Developer Flaw Allows Code Execution via Malicious Repos

A high-severity flaw in Amazon Q Developer permitted malicious repositories to execute code and steal developer credentials. The issue stemmed from the way Amazon's AI coding assistant handled Model Context Protocol servers, which has now been patched by Amazon.

security aws developer vulnerability
1 source 1 report 4d ago

Guardian Agents Raise Challenges for Identity Governance in Enterprises

The emergence of AI agents in enterprise environments has exposed significant gaps in identity governance systems. These agents inherit permissions from human identities, potentially leading to over-privileged access and security risks across systems.

security aiagents enterprises identitygovernance
1 source 1 report 4d ago

Microsoft Alerts on Phishing Campaign Targeting Hotels with Node.js Implant

Microsoft identified a phishing campaign targeting hotels across Europe and Asia that leverages ZIP files containing a Node.js implant. The campaign uses specialized email tactics to bypass security measures and exploit hotel operational themes, highlighting a significant security concern in the hospitality sector.

security hotels malware phishing
1 source 1 report 4d ago

Russia Used Cellebrite Tools on Activist's iPhone Post-Sales Cutoff

Russian authorities accessed the iPhone of detained activist Andrey Pivovarov using Cellebrite's forensic tools in June 2021, despite the company's pledge to cease sales to Russia. This incident raises serious ethical concerns regarding the use of forensic technology in political prosecutions and reflects ongoing state repression efforts against opposition figures.

security activism cellebrite forensics politics
1 source 1 report 4d ago

Google Reveals Details on Turla's STOCKSTAY Backdoor Targeting Ukraine

Google's Threat Intelligence Group announced the discovery of the STOCKSTAY backdoor, attributed to the Russian cyber espionage group Turla. This malware has been used to target Ukrainian government and military organizations, showcasing an evolution in Turla's cyber capabilities and tactics since its development traceable to late 2022.

security cybersecurity espionage malware turla
1 source 1 report 4d ago

Cloudflare Develops Privacy Protocol, curl Bug Discovered, Critical Hoppscotch Vulnerability

Cloudflare, alongside major web browsers, introduced a protocol using Private Access Control Tokens to enhance web privacy. AISLE reported six vulnerabilities in curl, the oldest dating back to 2001, while a critical security flaw in Hoppscotch allows unauthenticated attackers to compromise API instances.

security dev releases
1 source 1 report 4d ago

New Rust-based Gaslight Malware Targets macOS with AI Disruption Techniques

A new macOS malware, codenamed Gaslight, uses prompt injection techniques to evade AI analysis. Linked to North Korean threat actors, the malware embeds fabricated system-failure messages to disrupt AI-assisted triage efforts.

security ai macos malware
1 source 1 report 4d ago

DoJ Seizes Huione Cloud Account Linked to Cryptocurrency Fraud

The U.S. Department of Justice has seized a Huione Group cloud account used for money laundering linked to various cyber scams. This action, which follows new sanctions against related entities, aimed to disrupt significant financial networks facilitating fraudulent activities connected to cryptocurrency.

security cryptocurrency cybercrime lawenforcement moneylaundering
1 source 1 report 6h ago

Challenges of Identity Lifecycle Management for AI Agents

Identity lifecycle management systems, designed for human employees, struggle to accommodate AI agents. This gap presents governance issues as enterprises increasingly integrate autonomous agents, necessitating updates to existing frameworks.

security identitymanagement ai governance
1 source 1 report 4d ago

Richard Bejtlich Advocates for NDR in Modern Security Operations

Richard Bejtlich highlights the growing need for Network Detection and Response (NDR) in cybersecurity. His guide emphasizes moving beyond traditional alerts to prioritize actionable evidence in detecting and mitigating threats.

security cybersecurity incident investigation network detection response threat hunting