· 2 days ago· Dark Reading
Threat Actors Leverage AI to Outsmart Endpoint Detection Systems
Python scripts were used to test malware against endpoint detection and response agents from Sophos, CrowdStrike, and Windows Defender.
#security
Topic
#security
1559 articles found
· 2 days ago· The Hacker News
Autonomous AI Tool Finds 2-Year-Old RCE Flaw in Redis (CVE-2026-23479)
Redis has patched a use-after-free in its blocking-client code that lets an authenticated user run arbitrary OS commands on the machine hosting the database. The flaw was found by an autonomous AI tool built to hunt bugs in large codebases. Tracked as CVE-2026-23479, the flaw was introduced in Redis
#security
· 2 days ago· The Hacker News
Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag
A development flag left switched on in production builds of several Microsoft 365 Android apps disabled the check that limits account-token sharing to trusted Microsoft apps. Any other app on the same phone could ask for the signed-in user's token and get it, then read email, open files, browse the
#security
· 2 days ago· The Hacker News
Google DoubleClick Abused in New Malspam Campaign to Deliver DesckVB RAT
Cybersecurity researchers have flagged a new malspam campaign that makes use of Google's DoubleClick domain as a way to evade detection and ultimately deliver a remote access trojan (RAT) named DesckVB RAT. "Before the victim ever reaches attacker-controlled infrastructure, the lure routes through D
#security
· 2 days ago· The Hacker News
WhatsApp, Slack Notifications Could Hijack Google Gemini on Android
A single poisoned notification from WhatsApp, Slack, SMS, Signal, Instagram, or Messenger could have hijacked Google Gemini's voice assistant on Android and made it open a victim's connected windows, fake a message from their boss, push the phone into a Zoom call, or quietly poison its long-term mem
#security#google-gemini#android#notifications#voice-assistant
· 2 days ago· Bleeping Computer
CISA warns of cyberattacks targeting fuel tank monitoring systems
CISA, the FBI, the NSA, the Department of Energy, and other US government partners are warning that hackers are targeting internet-exposed automatic tank gauge (ATG) systems used to monitor fuel and liquid storage tanks across various critical infrastructure sectors. [...]
#security
· 2 days ago· Bleeping Computer
The U.S. sanctions Nobitex crypto exchange used by ransomware
The U.S. Treasury's Office of Foreign Assets Control (OFAC) has announced sanctions against Nobitex, Iran's largest cryptocurrency exchange, for facilitating payments related to terrorist activities. [...]
#security
· 2 days ago· Dark Reading
Coding Gaffe Exposes Microsoft 365 Accounts to Widespread Takeover
A disabled security setting meant to protect authentication across Android versions of key apps like Word, PowerPoint, and Excel paved the way for attackers to steal logins and data.
#security
· 2 days ago· Dark Reading
Cyber Insurance Rates Are Dropping, but Exclusions Widen
Cyber insurance coverage is slowly changing, and some policies may not provide coverage for social engineering attacks like ClickFix.
#security
· 2 days ago· Dark Reading
Tropical Blend: Cyber & Politics Ramp Up Across Latin America
China-linked espionage groups have attacked at least a dozen nations in the region, gathering information on maritime shipping, oil production, and other geopolitical interests.
#security
· 2 days ago· Bleeping Computer
Indian Web Servers Crashed in Under a Minute by Novel 'HTTP/2 Bomb' Assault
A new denial-of-service (DoS) attack dubbed HTTP/2 Bomb can be launched from a single machine to take down web servers within seconds. [...]
#security
· 2 days ago· SecurityWeek
Coralogix Raises $200M at $1.6B Valuation to Scale AI Observability Platform
Coralogix offers a full-stack observability platform that unifies logs, metrics, traces, security, and AI observability. The post Coralogix Raises $200M at $1.6B Valuation to Scale AI Observability Platform appeared first on SecurityWeek.
#security
· 2 days ago· Cybersecurity Dive
CISA, FBI warn that hackers are targeting systems used to monitor industrial fluids
Automatic tank gauge systems are widely used across multiple industries, including energy, agriculture and transportation.
#security
· 2 days ago· Cybersecurity Dive
‘Don’t panic’: AI reality checks dominate major cybersecurity conference
CISOs and their colleagues should focus on network security basics, not AI vendors’ overhyped promises, analysts said at an annual Gartner cybersecurity event.
#security
· 2 days ago· Bleeping Computer
CISA warns of active attacks exploiting Android, Linux bugs
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are exploiting vulnerabilities in the Linux kernel and Android operating system. [...]
#security
· 2 days ago· SANS Internet Storm
Continuing Scans for swagger.json, (Wed, Jun 3rd)
Enterprise applications often still use complex standards like SOAP for web services. The big advantage of SOAP is its tight and extensive standards, which enable interoperability across an enterprise governed by web services. The disadvantage of SOAP: First, while it is de facto usually used over H
#security#soap#enterprise-applications#interoperability
· 2 days ago· Bleeping Computer
The Impact of 345 Days of Security Vulnerability in Banking
A two-week penetration test can leave roughly 345 days of real-world exposure unvalidated. Sprocket Security explores why continuous testing is becoming critical as attack surfaces constantly change. [...]
#security
· 2 days ago· The Hacker News
One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens
Cybersecurity researchers have disclosed a one-click attack via Microsoft Visual Studio Code (VS Code) that makes it possible to steal a user's GitHub token. "Just by clicking a link, it's possible for an attacker to steal a GitHub token that can read and write to your repos, including private ones,
#security
· 2 days ago· SecurityWeek
Cybercriminals Launch Espionage Attack on Worldwide Stock Exchange
The attackers had access to a senior executive’s email account for 150 days and exfiltrated data for months. The post Hackers Target Global Stock Exchange in Espionage Operation appeared first on SecurityWeek.
#security
· 2 days ago· SecurityWeek
Security of 100 AI Agents Tested and Ranked – What You Need to Know
The AI Risk Quadrant evaluates AI agents based on three factors: how vulnerable they are to compromise, the potential impact of a breach, and the strength of their security defenses. The post Security of 100 AI Agents Tested and Ranked – What You Need to Know appeared first on SecurityWeek.
#security