ComicForm and SectorJ149 Hackers Deploy Formbook Malware in Eurasian Cyberattacks
Organizations in Belarus, Kazakhstan, and Russia have emerged as the target of a phishing campaign undertaken by a previously undocumented...
Read more →Category: TheHackerNews
How to Gain Control of AI Agents and Non-Human Identities
We hear this a lot: “We’ve got hundreds of service accounts and AI agents running in the background. We didn’t...
Read more →
Microsoft Patches Critical Entra ID Flaw Enabling Global Admin Impersonation Across Tenants
A critical token validation failure in Microsoft Entra ID (previously Azure Active Directory) could have allowed attackers to impersonate any...
Read more →
DPRK Hackers Use ClickFix to Deliver BeaverTail Malware in Crypto Job Scams
Threat actors with ties to the Democratic People’s Republic of Korea (aka DPRK or North Korea) have been observed leveraging...
Read more →
LastPass Warns of Fake Repositories Infecting macOS with Atomic Infostealer
Sep 20, 2025Ravie LakshmananSoftware Security / Malware LastPass is warning of an ongoing, widespread information stealer campaign targeting Apple macOS...
Read more →
ShadowLeak Zero-Click Flaw Leaks Gmail Data via OpenAI ChatGPT Deep Research Agent
Sep 20, 2025Ravie LakshmananArtificial Intelligence / Cloud Security Cybersecurity researchers have disclosed a zero-click flaw in OpenAI ChatGPT’s Deep Research...
Read more →
Researchers Uncover GPT-4-Powered MalTerminal Malware Creating Ransomware, Reverse Shell
Cybersecurity researchers have discovered what they say is the earliest example known to date of a malware with that bakes...
Read more →ShadowLeak Zero-Click Flaw Leaks Gmail Data via OpenAI ChatGPT Deep Research Agent
Sep 20, 2025Ravie LakshmananArtificial Intelligence / Cloud Security Cybersecurity researchers have disclosed a zero-click flaw in OpenAI ChatGPT’s Deep Research...
Read more →
UNC1549 Hacks 34 Devices in 11 Telecom Firms via LinkedIn Job Lures and MINIBIKE Malware
An Iran-nexus cyber espionage group known as UNC1549 has been attributed to a new campaign targeting European telecommunications companies, successfully...
Read more →
Fortra Releases Critical Patch for CVSS 10.0 GoAnywhere MFT Vulnerability
Sep 19, 2025Ravie LakshmananVulnerability / Threat Intelligence Fortra has disclosed details of a critical security flaw in GoAnywhere Managed File...
Read more →
SystemBC Powers REM Proxy With 1,500 Daily VPS Victims Across 80 C2 Servers
Sep 19, 2025Ravie LakshmananBotnet / Network Security A proxy network known as REM Proxy is powered by malware known as...
Read more →
17,500 Phishing Domains Target 316 Brands Across 74 Countries in Global PhaaS Surge
The phishing-as-a-service (PhaaS) offering known as Lighthouse and Lucid has been linked to more than 17,500 phishing domains targeting 316...
Read more →