InfoWorld

Meet Hades: The malware that lies to AI security agents

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...
techtimes

Ghost CMS SQL Injection Hits 700 Sites: Harvard, DuckDuckGo Serve Fake Cloudflare Malware

An unpatched SQL injection vulnerability in the Ghost content management system has been weaponized in an active, large-scale cyberattack that has compromised more than 700 websites worldwide — ...
The Hacker News

Pakistan-Linked SideCopy Targets Afghanistan Finance Ministry with Xeno RAT

SideCopy targeted Afghanistan's Finance Ministry with Xeno RAT via Pashto phishing lures, enabling espionage and system ...
Arabian Post on MSN

Trusted tools become malware delivery routes

Attackers are increasingly abusing legitimate system utilities and widely used administrative tools to deliver malware, move through networks and avoid detection, forcing security teams to rethink ...
Cryptopolitan on MSN

North Korea’s Lazarus turns to fileless malware in new crypto attacks

Lazarus Group has deployed RemotePE, a fully memory-resident trojan that is extremely hard for traditional antivirus and forensic tools to detect.

Websites have a new way to spy on visitors: Analyzing their SSD activity

Now sites have a new way to spy on their visitors: measuring subtle interactions with their solid-state drives. The technique, named FROST (fingerprinting remotely using OPFS-based SSD timing), allows ...
Computerworld

Industry

Nextcloud CEO: Open source moves from 'a nerdy audience' to the geopolitical stage Frank Karlitschek, head of the German software vendor, talked about the company’s decision to help develop the ...
sei.cmu

CERT Division

The CERT Division is a leader in cybersecurity. We partner with government, industry, law enforcement, and academia to improve the security and resilience of computer systems and networks. We study ...