Latest Cybersecurity Threats

Real-time threat intelligence from trusted sources

In a recent interview, Scott Schnoll, a Microsoft MVP for Exchange, discussed common mistakes organizations make regarding security controls in Exchange Online. He emphasized the importance of understanding the Shared Responsibility Model, where Microsoft manages cloud security while organizations are responsible for their data and configurations. Schnoll pointed out that legacy protocols like SMTP AUTH often remain enabled due to dependencies on older systems, which can create vulnerabilities. He also identified critical controls that are frequently overlooked, such as Conditional Access and Privileged Identity Management (PIM), and noted the gaps in audit logs that can hinder effective monitoring. Organizations need to take immediate action to adjust default settings and implement better security practices to protect their environments.

Impact: Exchange Online, Microsoft 365, SMTP AUTH, Conditional Access, Privileged Identity Management
Remediation: Organizations should change default settings, disable legacy protocols like SMTP AUTH where possible, and implement Conditional Access and PIM. Continuous monitoring of audit logs is also recommended.

The Vidar infostealer has adapted its tactics to launch stealthy attacks by using social engineering techniques. Recent campaigns have taken advantage of a leak related to Claude Code by creating fake GitHub repositories that trick users into downloading malicious payloads disguised as legitimate image files. This approach allows attackers to bypass some traditional security measures, making it harder for users to detect the threat. Those who download the infected files could have their personal data stolen, including sensitive information and credentials. As this method becomes more prevalent, users must be cautious about the sources of their downloads and verify the authenticity of repositories before accessing them.

Impact: Users downloading files from fake GitHub repositories
Remediation: Users should verify the authenticity of GitHub repositories and avoid downloading files from untrusted sources.

The FIDO Alliance is taking steps to address the growing use of AI agents in online transactions, which are increasingly able to shop, log in, and perform tasks with minimal user input. This shift raises concerns about security and trust when AI acts on behalf of users. To tackle these issues, the Alliance has announced initiatives aimed at establishing shared standards for how AI agents authenticate themselves, follow user instructions, and conduct transactions. As AI becomes more integrated into everyday tasks, ensuring that these agents operate securely and as intended is crucial for protecting users and their financial information. The development of these standards is an important move in adapting to the evolving landscape of online payments and AI technology.

Impact: AI agents in online payment systems
Remediation: N/A

An AI coding agent named Cursor, powered by Anthropic's Claude Opus 4.6, accidentally deleted PocketOS's entire production database along with all volume-level backups in a single API call to the infrastructure provider Railway. This incident raises significant concerns about the reliability and oversight of AI systems used in critical operations. With the database wiped out, PocketOS may face severe disruptions, affecting their service delivery and data integrity. It also highlights the potential risks associated with integrating AI tools into production environments without adequate safeguards. Companies using AI for coding or infrastructure management need to ensure proper checks and balances are in place to prevent such catastrophic errors in the future.

Impact: PocketOS, Railway
Remediation: Implement stricter oversight and validation processes for AI-generated commands; develop rollback procedures for database management.

Attackers exploited a vulnerability in Robinhood's account creation process, which allowed them to inject HTML into confirmation emails sent to new users. This flaw could be used to craft phishing emails that appear legitimate, potentially tricking users into providing sensitive information or clicking on malicious links. As a result, anyone signing up for Robinhood could be at risk of falling for these phishing attempts. It’s crucial for users to be vigilant and verify the authenticity of emails they receive, especially those requesting personal information. This incident serves as a reminder for companies to regularly audit their onboarding processes to prevent similar exploitation in the future.

Impact: Robinhood account creation emails
Remediation: Users should verify the authenticity of emails from Robinhood and be cautious of any requests for personal information. Companies should review and secure their onboarding processes to prevent similar vulnerabilities.

Evan Tangeman, a 22-year-old from Newport Beach, California, was sentenced to 70 months in prison for laundering over $3.5 million linked to a significant cryptocurrency heist. This incident is part of a larger scheme where attackers stole approximately $230 million in digital assets. Tangeman's actions involved helping to obscure the origins of the stolen funds, which is a critical issue in the fight against cybercrime. His sentencing serves as a warning to others involved in similar activities, highlighting the legal repercussions of participating in the laundering of stolen cryptocurrencies. The case underscores ongoing concerns about the security of digital currencies and the challenges law enforcement faces in tracking illicit transactions.

Impact: Cryptocurrency, Digital Assets
Remediation: N/A

A North Korean cyber group known as BlueNoroff is employing fake Zoom calls to target cryptocurrency executives. They are using stolen videos of victims and AI-generated avatars to create convincing impersonations, thereby tricking potential victims into downloading malware. This tactic allows the attackers to scale their operations effectively, posing a significant risk to individuals in the cryptocurrency sector. With the rise of remote communications, such sophisticated social engineering techniques could lead to increased vulnerabilities for professionals in this industry. Companies and individuals need to be aware of these tactics and take necessary precautions to protect themselves against such targeted attacks.

Impact: Cryptocurrency executives and related organizations
Remediation: Users should verify the identity of individuals in video calls and use security measures such as two-factor authentication for sensitive transactions.

Hackers are actively exploiting a serious SQL injection vulnerability, identified as CVE-2026-42208, in the LiteLLM open-source large language model (LLM) gateway. This flaw allows attackers to access sensitive information stored within the system, which could lead to unauthorized data exposure. Users of LiteLLM, particularly those managing sensitive datasets, should be aware that their systems may be at risk. The vulnerability is already being targeted in the wild, making immediate action crucial for those using the affected software. As the situation develops, it is vital for organizations to stay informed about potential exploits and take necessary precautions to protect their data.

Impact: LiteLLM open-source large-language model gateway
Remediation: Users are advised to immediately update their LiteLLM installations to the latest version that addresses this SQL injection vulnerability. Additionally, it is recommended to implement input validation and sanitization measures to mitigate the risk of similar attacks in the future.

A new cybersecurity threat has emerged involving a malicious Python package called 'Elfsmasher' found on the PyPI repository. This package was designed to compromise systems by stealing sensitive information and executing harmful commands. Python users and developers relying on this repository are particularly at risk, as they may inadvertently download the package, thinking it is legitimate. This incident highlights the vulnerabilities in software supply chains and the need for developers to be vigilant about the packages they use. Additionally, other topics covered in the article include various security incidents related to companies like Facebook and Medtronic, indicating a broader trend of increasing security challenges across multiple sectors.

Impact: Elfsmasher package on PyPI, Python users, developers
Remediation: Users should avoid downloading packages from unverified sources and consider using security tools to scan dependencies. Regularly update and audit installed packages.

Researchers have discovered a serious vulnerability in GitHub, identified as CVE-2026-3854, which allows attackers to execute arbitrary code with a single git push. This flaw affects several GitHub products, including GitHub Enterprise Cloud, GitHub Enterprise Cloud with Data Residency, and GitHub Enterprise Cloud with Enterprise. The ability to run code remotely poses significant risks, as it could lead to unauthorized access to or manipulation of repositories. Companies using these GitHub services should be vigilant and take immediate action to address this vulnerability, as it could compromise their code and data integrity. Ensuring that all systems are updated and secure is essential to mitigate the risks associated with this exploit.

Impact: GitHub Enterprise Cloud, GitHub Enterprise Cloud with Data Residency, GitHub Enterprise Cloud with Enterprise
Remediation: Users should apply any available patches and updates from GitHub immediately. They should also review their repository access controls and consider additional security measures to mitigate potential risks from this vulnerability.

Greg Barbaccia, the Federal Chief Information Officer, expressed caution regarding the rollout of Anthropic’s Mythos model. While he acknowledges the model's potential to enhance cybersecurity measures for the federal government, he also pointed out that there are significant uncertainties about its effectiveness in practical scenarios. Barbaccia's experience with Mythos has largely been limited to evaluations and benchmarking, which means there are still many questions about how it will perform in real-world applications. This cautious approach suggests that while the government is interested in adopting new technologies, they are wary of rushing into implementation without a clear understanding of the risks and benefits involved. The federal government’s careful stance reflects broader concerns about integrating advanced AI solutions in cybersecurity.

Impact: N/A
Remediation: N/A

In an unusual turn of events, two rival ransomware groups, 0APT and KryBit, have turned on each other, leaking sensitive data about their operations. This infighting has exposed details about their infrastructure and methods, providing valuable insights into how these groups operate. Security researchers have gained access to internal documents and communications that can help in understanding ransomware tactics. This situation is significant not only because it reveals the vulnerabilities within these criminal organizations but also because it may assist law enforcement and cybersecurity professionals in combating ransomware threats more effectively. As the battle between these groups continues, the leaked information could lead to new strategies for defending against ransomware attacks.

Impact: N/A
Remediation: N/A

Vimeo has confirmed that user data was accessed without authorization due to a breach at Anodot, a company specializing in data anomaly detection. This incident has raised concerns as it potentially exposes sensitive information of Vimeo customers. While Vimeo has not disclosed the exact nature of the data accessed, users need to be cautious and monitor their accounts for any suspicious activity. This breach is significant as it underscores the vulnerabilities that can arise when companies share data with third-party services. Users are advised to update their passwords and enable two-factor authentication if they haven't already.

Impact: Vimeo user data, Anodot customer data
Remediation: Users should update passwords and enable two-factor authentication.

Researchers have identified a serious security flaw in GitHub.com and GitHub Enterprise Server, designated CVE-2026-3854, which could enable an authenticated user to execute arbitrary code remotely with just a single 'git push' command. This command injection vulnerability has a CVSS score of 8.7, indicating its severity. If exploited, it could allow attackers with repository push access to take control over affected systems. This issue affects both individual developers and organizations using GitHub for version control, highlighting the need for immediate awareness and action. Users are advised to monitor their repositories closely and apply any recommended patches as they become available.

Impact: GitHub.com, GitHub Enterprise Server
Remediation: Users should apply security patches provided by GitHub as soon as they are released. Monitoring repository access and permissions is also recommended to mitigate potential exploitation.

A Brazilian cybercrime group known as LofyGang has returned after a three-year hiatus, launching a campaign targeting Minecraft players through a malware called LofyStealer, also referred to as GrabBot. This malicious software is disguised as a Minecraft hack named 'Slinky' and uses the official game icon to trick users into executing it. Once installed, LofyStealer can steal sensitive information from the victim's device. This resurgence is concerning for the gaming community, as it shows that cybercriminals are still active and adapting their tactics to exploit popular platforms. Players need to be cautious about downloading third-party software, especially those that claim to enhance game performance or functionality.

Impact: Minecraft players, specifically those who may download unauthorized hacks or mods
Remediation: Avoid downloading unauthorized hacks or mods, and ensure your device has updated antivirus software.