Flaw in Claude’s Chrome extension allowed ‘any’ other plugin to hijack victims’ AI
As businesses and governments turn to AI agents to access the internet and perform higher-level tasks, researchers continue to find serious flaws in large language…
Category: Cyberscoop
ShinyHunters claims nearly 9,000 schools affected by Canvas data breach
ShinyHunters, the prolific criminal hacker and extortion group, on Thursday provided additional details about its recent breach of Canvas, the learning management system developed by…
Sen. Schumer seeks DHS plan on AI cyber coordination with state, local governments
The Senate’s top Democrat called on the Department of Homeland Security Friday to work closely with state and local governments to defend against artificial intelligence-strengthened…
Trump officials are steering a cybersecurity scholarship program toward AI
The Trump administration is redirecting a cybersecurity scholarship program that requires recipients to work in government service toward artificial intelligence, leaving some current program scholars…
Ivanti customers confront yet another actively exploited zero-day
Attackers are hitting Ivanti customers yet again — circling back to a common target and consistently susceptible vendor in the network edge space — by…
American duo sentenced for hosting laptop farms for North Korean IT workers
Two U.S. nationals were sentenced to 18 months in prison for running laptop farms that facilitated North Korea’s expansive remote IT workers scheme, the Justice…
One House Democrat is pressing Commerce on the government’s spyware use
A House Democrat who’s been at the forefront of congressional efforts to scrutinize the federal government’s use of commercial spyware wants the Commerce Department to…
A critical Palo Alto PAN-OS zero-day is being exploited in the wild
Attackers are actively exploiting a zero-day vulnerability affecting some Palo Alto Networks’ customers’ firewalls, the security vendor said in an advisory Tuesday. The critical memory…
A DOD contractor’s API flaw exposed military course data and service member records
A defense technology company with Department of Defense contracts exposed user records and military training materials through API endpoints that lacked meaningful authorization checks, according…
CISA boasts AI automation improvements to threat analysis, mission support
The Cybersecurity and Infrastructure Security Agency has gotten “by far” the biggest gains from artificial intelligence automation in its security operations unit to help analysts…
CISA wants critical infrastructure to operate ‘weeks to months’ in isolation during conflict
The Cybersecurity and Infrastructure Security Agency is urging critical infrastructure owners and operators to plan for delivering essential services under emergency conditions – potentially for…
Latvian national sentenced for ransomware attacks run by former Conti leaders
A federal judge sentenced a Latvian national to 102 months in prison for his involvement in a series of ransomware attacks for more than two…