Old Adobe Reader zero-day uses PDFs to size up targets
…Security researcher Haifei Li, founder of the sandbox-based exploit detection system EXPMON, said the campaign uses a malicious PDF that runs as soon as it's opened, working against even up…
Search
Anthropic's Mythos has The Kettle crew curious, skeptical
Security Anthropic's mysterious Mythos AI threatens to upend the infosec world Or it's a bunch of pre-IPO hype. Either way, we're giving it the once-over on this…
Telnyx package latest hit in PyPI supply-chain compromise
…neural network optimization bot into an exploitative one. "It might sound devious, but it's worked very well," said ORNL Center for Artificial Intelligence Security Research director Edmon Begoli. Photon, as the…
CISA tells feds to patch 13-year-old Apache ActiveMQ bug
…list, which is reserved for vulnerabilities already being exploited in the wild. And there's plenty of exposed surface to aim at: threat monitoring outfit ShadowServer is tracking more than 8,000…
ShinyHunters claims yet another Salesforce customers breach
…us, adding that the "recon and exploitation has been going on for several months now." This follows a Saturday warning from Salesforce that a "known threat actor group" is actively scanning for…
Anthropic's Project Glasswing CVE count is still guesswork
…He also suggested that Anthropic "create a dedicated security advisory page where security advisories and vulnerability disclosures were published in a consistent way, to provide a way for consumers to understand the…
Fake applicants are sending security-killing malware
…The operation, detailed in a threat report from networking and security outfit Aryaka , exploits one of the most mundane workflows within an organization: hiring. Researchers say the bait arrives as what looks…
Spyware disguised as emergency-alert app sent to Israelis
…actors seeking to exploit the situation," TRU lead security researcher Santiago Pontiroli told The Register . "Attackers frequently leverage wartime themes such as emergency alerts, missile warnings, or security updates as social engineering…
1K+ cloud environments infected via Trivy attack
…They were able to do this because, back in February, the same crew exploited a misconfiguration in Trivy's GitHub Action component and stole a privileged access token. This security issue was…
Outsourcer Telus admits to attack, possibly by ShinyHunters
…These include advanced persistent threats (APTs), ransomware campaigns, and zero-day exploitation attempts,” he added. Palaniappan said CSG’s security teams “are operating at an elevated alert level” and have “accelerated vulnerability…