Posts by Samir K

A new threat intelligence report has revealed that an unknown group of hackers used a commercial AI tool to target the systems of a municipal water and drainage utility in…

A major security flaw has placed Ollama, one of the most widely used platforms for running local AI models, at risk of a high-profile exposure event. The issue, dubbed “Bleeding…

[[{"value":"Dragos has published a report describing how threat actors used Claude AI in an attack on a water and drainage utility in Mexico. The post Claude AI Guided Hackers Toward…

Microsoft is expanding interoperability in its mobile communication ecosystem by allowing Microsoft Teams users on Android devices to join third-party meetings via the Session Initiation Protocol (SIP). Recently detailed on…

A new wave of cyberattacks is putting macOS users in the crosshairs, and this time the bait looks almost too familiar. Attackers are disguising their malware as helpful disk cleanup…

Distributed Denial of Service (DDoS) campaign targeted a large-scale user-generated content platform, unleashing over 2.45 billion malicious requests in just five hours. Rather than relying on brute-force methods, the attackers distributed…

A dozen critical security vulnerabilities have been disclosed in the vm2 Node.js library that could be exploited by bad actors to break out of the sandbox and execute arbitrary code on susceptible systems. vm2 is an open-source library used to run untrusted JavaScript code inside a secure sandbox by intercepting and proxying JavaScript objects to prevent sandboxed code from accessing the host

Google has officially promoted Chrome 148 to the stable channel for Windows, Mac, and Linux, rolling out version 148.0.7778.96 for Linux and 148.0.7778.96/97 for Windows and Mac, one of the…

A large-scale phishing campaign has been quietly targeting organizations across the United States, using fake event invitations as bait. Rather than sending a suspicious attachment or an obvious scam link,…

A newly identified malware called Salat is raising serious alarms across the cybersecurity community for its sophisticated design and surprisingly wide range of capabilities. Built using the Go programming language,…

A new and highly organized fraud network called FEMITBOT has emerged, exploiting Telegram’s Mini App feature to run large-scale cryptocurrency scams and push malicious Android software onto users worldwide. The…

A dark web platform calling itself Darkhub has surfaced on the Tor network, openly advertising hacking-for-hire services to anyone willing to pay. The platform presents itself as a one-stop shop…

Authors of the VoidStealer Trojan uncovered a way to get around Google's App-Bound Encryption (ABE), opening the door to infostealers. Read More

ShinyHunters' attack on Instructure, which owns the widely used Canvas learning management system (LMS), carries big questions about the trust educational institutions put into their vendors. Read More