A Novel Exploit Leveraging URL Fragments To Deceive AI Browsers
Security researchers at Cato CTRL have uncovered HashJack. This innovative indirect prompt-injection attack hides harmful commands in the fragment portion of URLs after the “#”…
A new report from Bitdefender Labs has brought unsettling news for the gaming community, especially those looking for free or hacked versions of popular titles.…
In recent weeks, discussions have centered on Microsoft’s experimental agentic AI feature, which has introduced both advanced task automation and significant security concerns. This agentic…
The Department of Commerce’s vulnerability disclosure program (VDP), designed to protect its public-facing information technology systems, has been deemed “not fully effective” according to a…
Developers are unintentionally exposing passwords, API keys, and sensitive data by pasting production information into online formatting tools such as JSONFormatter and CodeBeautify. New research…
As a play on the word “genesis”, the company’s brand evokes beginnings and new life, but for chief sustainability officer (CSO) Bridgette McAdoo, arriving at…
Dissecting a new malspam chain delivering Purelogs infostealer. Pierluigi Paganini, November 26, 2025. The AISI Research Center’s Cybersecurity Observatory publishes the report “Dissecting a new…
Nov 26, 2025, Ravie Lakshmanan, Malware / Cyber Espionage: The threat actors behind a malware family known as RomCom targeted a U.S.-based civil engineering company via a…
Security researchers at Cato CTRL have discovered a new indirect prompt injection technique called HashJack, which weaponises legitimate websites to manipulate AI browser assistants. The attack…
Phishing sites keep rising, and security teams are searching for ways to sort suspicious pages at speed. A recent study explores whether small language models…
The Tor Project has announced a significant cryptographic overhaul, retiring its legacy relay encryption algorithm after decades of service and replacing it with Counter Galois…
In this Help Net Security interview, Marina Marceta, CISO at Heineken, discusses what it takes for CISOs to be seen as business-aligned leaders rather than…