A vulnerability in the 'node-forge' package allows attackers to bypass signature verification by crafting seemingly valid data. This flaw poses a significant risk to applications relying on this cryptography library for secure data handling. Immediate attention is required to mitigate potential exploitation of this vulnerability.
Latest Cybersecurity Threats
Real-time threat intelligence from trusted sources
The House Homeland Security Committee has summoned Anthropic CEO Dario Amodei to discuss the implications of a Chinese espionage campaign targeting the AI model Claude. This inquiry highlights the growing concerns over national security and the role of AI companies in safeguarding sensitive information against foreign threats.
Comcast is facing a $1.5 million fine due to a vendor data breach that compromised the personal information of nearly 275,000 customers. This incident highlights the ongoing risks associated with third-party vendors and the importance of data protection measures.
New legislation has been introduced in response to a surge in AI-assisted impersonations of U.S. officials, aiming to increase financial and criminal penalties for using AI to commit fraud. This move highlights the growing concern over the misuse of AI technologies in scams and the need for stricter regulations to protect individuals and institutions from deception.
The Shai-Hulud supply chain attack has escalated, now affecting the Maven ecosystem after previously compromising over 830 npm packages. The identified package, org.mvnpm:posthog-node:4.18.1, contains malicious components that pose significant risks to software security.
SCM feed for Latest
The article discusses the shortcomings of fragmented identity security approaches, highlighting the need for a unified strategy to protect against identity-related threats. It emphasizes the importance of integrating identity security measures to prevent vulnerabilities and enhance overall cybersecurity posture.
BleepingComputer
The Royal Borough of Kensington and Chelsea and Westminster City Council are facing service disruptions due to a cybersecurity incident. The severity of the issue suggests significant operational impacts on the affected councils' IT systems.
SCM feed for Latest
Ransomware group Devman has claimed responsibility for a cyberattack that disrupted the Georgia Superior Court Clerks' Cooperative Authority, leading to a shutdown of its website and services. This incident raises concerns about ongoing outages across the state and highlights the increasing threat of ransomware attacks on public services.
SCM feed for Latest
The article reports a significant cybersecurity threat involving the exposure of over 80,000 sensitive files containing critical information such as usernames, passwords, and API keys. These leaks, attributed to online tools JSONFormatter and CodeBeautify, pose severe risks to various sectors including government and healthcare, potentially compromising national infrastructure security.
SCM feed for Latest
The article reports on a hacking operation linked to Russia, specifically targeting a U.S. civil engineering firm that has connections to Ukraine. The attackers used the SocGholish malware, highlighting the ongoing cybersecurity threats faced by organizations involved in geopolitical conflicts.
SCM feed for Latest
The article discusses the ongoing threat of cyberattacks targeting legacy firewalls, emphasizing the need for security teams to adopt proactive defense strategies. It highlights the challenges posed by outdated security infrastructure and suggests measures to enhance protection against these persistent attacks.
In 2025, advanced fraud attacks increased by 180%, driven by cyber-scammers leveraging generative AI to create highly convincing fake identities, deepfakes, and autonomous bots. This surge in sophistication poses significant risks to digital security and highlights the urgent need for enhanced protective measures against such advanced threats.
Infosecurity Magazine
The OnSolve CodeRED emergency notification system has been disrupted by a cyber-attack attributed to the INC Ransom group, leading to compromised emergency notifications and exposure of user data across the United States. This incident raises significant concerns about the security of critical communication systems and the potential risks to public safety.
Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
New research highlights a significant security vulnerability in Microsoft Teams B2B Guest Access, allowing attackers to circumvent Defender for Office 365 protections with just a single invitation. This flaw poses a serious risk of malware attacks on users, emphasizing the need for immediate attention to security protocols within the platform.
The article discusses how AI, particularly in the form of 'Dark LLMs', is assisting low-level cybercriminals in performing competent tasks, although it is not meeting the high expectations set for its capabilities. This indicates a shift in how petty criminals are leveraging technology, but it also suggests that the overall technical effectiveness of AI in cybercrime is still lacking.