information security news

Rules File Backdoor: AI Code Editors exploited for silent supply chain attacksRules File Backdoor: AI Code Editors exploited for silent supply chain attacks

Rules File Backdoor: AI Code Editors exploited for silent supply chain attacks

The Rules File Backdoor attack targets AI code editors like GitHub Copilot and Cursor, making them inject malicious code via…

1 month ago
U.S. CISA adds Fortinet FortiOS/FortiProxy and GitHub Action flaws to its Known Exploited Vulnerabilities catalogU.S. CISA adds Fortinet FortiOS/FortiProxy and GitHub Action flaws to its Known Exploited Vulnerabilities catalog

U.S. CISA adds Fortinet FortiOS/FortiProxy and GitHub Action flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Fortinet FortiOS/FortiProxy and GitHub Action flaws to its Known Exploited Vulnerabilities catalog. The U.S.…

1 month ago
ChatGPT SSRF bug quickly becomes a favorite attack vectorChatGPT SSRF bug quickly becomes a favorite attack vector

ChatGPT SSRF bug quickly becomes a favorite attack vector

Threat actors exploit a server-side request forgery (SSRF) flaw, tracked as CVE-2024-27564, in ChatGPT, to target US financial and government…

1 month ago
GitHub Action tj-actions/changed-files was compromised in supply chain attackGitHub Action tj-actions/changed-files was compromised in supply chain attack

GitHub Action tj-actions/changed-files was compromised in supply chain attack

The GitHub Action tj-actions/changed-files was compromised, enabling attackers to extract secrets from repositories using the CI/CD workflow. Researchers reported that…

1 month ago
New StilachiRAT uses sophisticated techniques to avoid detectionNew StilachiRAT uses sophisticated techniques to avoid detection

New StilachiRAT uses sophisticated techniques to avoid detection

Microsoft discovered a new remote access trojan (RAT), dubbed StilachiRAT, that uses sophisticated techniques to avoid detection. In November 2024,…

1 month ago
Threat actors rapidly exploit new Apache Tomcat flaw following PoC release<gwmw style="display:none;"></gwmw>Threat actors rapidly exploit new Apache Tomcat flaw following PoC release<gwmw style="display:none;"></gwmw>

Threat actors rapidly exploit new Apache Tomcat flaw following PoC release<gwmw style="display:none;"></gwmw>

Threat actors began exploiting a recently disclosed Apache Tomcat vulnerability immediately after the release of a PoC exploit code. A…

1 month ago
Attackers use CSS to create evasive phishing messagesAttackers use CSS to create evasive phishing messages

Attackers use CSS to create evasive phishing messages

Threat actors exploit Cascading Style Sheets (CSS) to bypass spam filters and detection engines, and track users’ actions and preferences. …

1 month ago
Researcher releases free GPU-Based decryptor for Linux Akira ransomwareResearcher releases free GPU-Based decryptor for Linux Akira ransomware

Researcher releases free GPU-Based decryptor for Linux Akira ransomware

A researcher released a free decryptor for Linux Akira ransomware, using GPU power to recover keys through brute force. Security…

1 month ago
Denmark warns of increased state-sponsored campaigns targeting the European telcosDenmark warns of increased state-sponsored campaigns targeting the European telcos

Denmark warns of increased state-sponsored campaigns targeting the European telcos

Denmark 's cybersecurity agency warns of increased state-sponsored campaigns targeting the European telecom companies Denmark raised the cyber espionage threat…

1 month ago
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 37SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 37

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 37

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Undercover…

1 month ago
Show more Posts
Show previous Posts