Beats Studio Buds Flaw Could Let Nearby Attackers Eavesdrop on Users
Apple has released a security update to patch a Beats Studio Buds flaw that let nearby hackers listen to conversations through the microphone.
Apple has released a security update to patch a Beats Studio Buds flaw that let nearby hackers listen to conversations through the microphone.
A vulnerability chain dubbed AutoJack in Microsoft's AutoGen Studio interface for prototyping AI agents could let attackers manipulate an agent into executing arbitrary commands on its host system simply by visiting a malicious webpage. [...]
Attackers are using multiple online channels — including GitHub, YouTube, and VirusTotal — to build an illusion of trust to spread a cross-platform clipboard hijacker.
A heap over-read in the Squid web proxy can leak another user's cleartext HTTP request, including any credentials or session tokens it carries, to anyone already allowed to send traffic through the same proxy. The bug traces to a 1997 FTP-parsing change and is still live in Squi…
Disclosure: This article was provided by ANY.RUN. The information and analysis presented are based on their research and findings.
Threat actors can easily steal one-time passwords sent by text when they conduct a SIM swap attack. This can lead to account takeovers, so users must layer up their security measures.
Attackers no longer need to sift through massive credential dumps. They can pay others to do it for them. Flare explores how an emerging underground market searches stolen credential databases for specific companies, domains, and accounts. [...]
O ataque à plataforma de inteligência competitiva Klue resultou no comprometimento de contas de negócios de pelo menos cinco empresas de segurança, que tiveram dados de seus ambientes Salesforce comprometidos, conforme revelações publicadas no último fim de semana. A intrusão, de…
Cybersecurity researchers have disclosed details of a new campaign that delivers CastleStealer by means of a previously unreported malware loader dubbed OXLOADER. According to Elastic Security Labs, the campaign leverages malicious Google Ads as a starting point to distribute th…
A multi-platform malware campaign abuses fake trust signals to infect Windows and Mac users with a crypto clipper packed with 15,500 attacker wallets.
Earlier this month, I spoke at the Gartner Security & Risk Management Summit about a blind spot most security programs are still not accounting for - how attackers are circumventing AI security programs by using legacy infrastructure to hijack AI agents. AI adoption is moving fa…
A CISA alertou que uma vulnerabilidade crítica no Splunk Enterprise está sendo explorada em ataques reais. A falha, identificada como CVE-2026-20253, afeta um componente interno ligado ao serviço PostgreSQL Sidecar da plataforma. O problema foi incluído no catálogo de vulnerabili…
Icarus extortion group used a legacy Klue Battlecards credential to bypass security and steal bulk Salesforce records from affected companies.
It’s Monday again. This week’s threat list looks painfully familiar: abused integrations, fake tools, poisoned websites, ransomware crews trying to shut down security tools, and mobile malware asking for way too much control. The annoying part is how little of this feels new. W…
ShinyHunters Data Extortion Group Threatens to Leak 8.8 TB of Stolen One Medical Data The HIPAA Journal
One Medical, the Amazon-owned primary care provider, has recently announced a cybersecurity incident in which an unauthorized third party gained […] The post ShinyHunters Data Extortion Group Threatens to Leak 8.8 TB of Stolen One Medical Data appeared first on The HIPAA Journal.
A new malware family is turning forgotten home routers into a distributed reconnaissance and proxy network, not the DDoS botnet these devices usually end up in. QiAnXin's XLab calls it AryStinger and counts at least 4,300 infected routers, a total it says is still rising. The di…
A new report from INTERPOL has revealed a "dramatic increase" in cybercrime in Asia and the South Pacific, fueled by rapid digitalization, internet penetration, new technologies, organized criminal networks, and a disparity in cybersecurity maturity. According to INTERPOL's 2025…
Uma integração comprometida da plataforma Klue, especializada em inteligência competitiva, foi utilizada para exfiltrar dados de CRM (Customer Relationship Management) de ambientes empresariais, de acordo com um relatório publicado pela ReliaQuest no dia 17 de junho. A Klue é uma…
Uma vulnerabilidade crítica de segurança identificada no Avada (Fusion) Builder, um dos complementos mais populares do ecossistema WordPress, expôs mais de 1 milhão de sites a ataques de exclusão arbitrária de arquivos. O defeito lógico abre caminho para o comprometimento total d…