New Koske Linux malware hides in cute panda images
A new Linux malware named Koske may have been developed with artificial intelligence and is using seemingly benign JPEG images of panda bears to deploy…
Category: Bleeping Computer
Hacker sneaks infostealer malware into early access Steam game
A threat actor called EncryptHub has compromised a game on Steam to distribute info-stealing malware to unsuspecting users downloading the title. A few days ago,…
Mitel warns of critical MiVoice MX-ONE authentication bypass flaw
Mitel Networks has released security updates to patch a critical-severity authentication bypass vulnerability impacting its MiVoice MX-ONE enterprise communications platform. MX-ONE is the company’s SIP-based…
Hackers breach Toptal GitHub account, publish malicious npm packages
Hackers compromised Toptal’s GitHub organization account and used their access to publish ten malicious packages on the Node Package Manager (NPM) index. The packages included data-stealing…
SonicWall urges admins to patch critical RCE flaw in SMA 100 devices
SonicWall urges customers to patch SMA 100 series appliances against a critical authenticated arbitrary file upload vulnerability that can let attackers gain remote code execution.…
SharePoint servers also targeted in ransomware attacks
A Chinese hacking group is deploying Warlock ransomware on Microsoft SharePoint servers vulnerable to widespread attacks targeting the recently patched ToolShell zero-day exploit chain. Tracked…
Brave blocks Windows Recall from screenshotting your browsing activity
Brave Software says its privacy-focused browser will block Microsoft’s Windows Recall from capturing screenshots of Brave windows by default to protect users’ privacy. Windows Recall is…
npm ‘accidentally’ removes Stylus package, breaks builds and pipelines
npm has taken down all versions of the real Stylus library and replaced them with a “security holding” page, breaking pipelines and builds worldwide that rely on the…
CISA warns of hackers exploiting SysAid vulnerabilities in attacks
CISA has warned that attackers are actively exploiting two security vulnerabilities in the SysAid IT service management (ITSM) software to hijack administrator accounts. The two…
Ukraine arrests suspected admin of XSS Russian hacking forum
The suspected administrator of the Russian-speaking hacking forum XSS.is was arrested by the Ukrainian authorities yesterday at the request of the Paris public prosecutor’s office. XSS.is…
How to harden your Active Directory against Kerberoasting
Kerberoasting is a common attack targeting Microsoft Active Directory, enabling attackers to compromise service accounts with low risk of detection. Because it manipulates legitimate accounts,…
ChatGPT is rolling out ‘personality’ toggles to become your assistant
OpenAI is rolling out a new “personality” feature on the ChatGPT web app. This allows you to choose between multiple personalities, such as “Robot.” ChatGPT…