The company behind the Claude chatbot said it caught a hacker using its chatbot to identify, hack and extort at least 17 companies. NBC News reports: A hacker has exploited a leading artificial intelligence chatbot to conduct the most comprehensive and lucrative AI cybercriminal operation known to date, using it to do everything from find […]
Customers are targeted through compromised OAuth access tokens from Salesloft Drift integrations. IT Pro reports: Google’s Threat Intelligence Group (GTIG) has revealed that hackers harvested user credentials from Salesforce customers in a widespread campaign during the first half of this month. The attacker, tracked as UNC6395, targeted Salesforce customer instances through compromised OAuth tokens associated […]
Coindoo reports: Physical attacks on cryptocurrency holders are rising sharply this year, with security experts warning that 2025 could become the most dangerous year yet for investors. At the Baltic Honeybadger conference in Riga, SatoshiLabs founder Alena Vranova described a wave of “wrench attacks” — kidnappings, assaults, and extortion aimed at forcing victims to surrender […]
GBHackers reports: Cybersecurity professionals and business leaders are on high alert following a confirmed breach of a utility billing software provider, traced to unpatched vulnerabilities in the widely used SimpleHelp Remote Monitoring and Management (RMM) platform. The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical advisory warning that ransomware actors have leveraged these security gaps […]
The Times of India reports: Google’s Threat Intelligence Group (GTIG) has issued a warning about a Russia-based hacking group, known as COLDRIVER. The Alphabet-owned company claims that this hacking group is using a newly identified malware called LOSTKEYS to steal data. The tech giant claims that this malware, which was tracked in multiple attacks this […]
Bleeping Computer reports: ClickFix attacks are gaining traction among threat actors, with multiple advanced persistent threat (APT) groups from North Korea, Iran, and Russia adopting the technique in recent espionage campaigns. ClickFix is a social engineering tactic where malicious websites impersonate legitimate software or document-sharing platforms. Targets are lured via phishing or malvertising and shown […]
Cyber Security News reports: A new malicious AI platform named Xanthorox AI has emerged, positioning itself as a friendly tool for hackers. First spotted in late Q1 2025, Xanthorox AI is being promoted in underground cybercrime forums as a modular, self-hosted solution for automated hacking operations, marking a new era in the sophistication of cyber […]
From a joint advisory by CISA and the FBI: The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint advisory to disseminate known Ghost (Cring)— (“Ghost”)—ransomware IOCs and TTPs identified through FBI investigation as recently as January 2025. Beginning early […]
Back in May 2024, the FBI issued a warning about the increasing threat of cybercriminals using AI in their scams to make it difficult for users to spot. Unilad reports: Cybercriminals are seemingly using all the right tricks to take advantage of innocent web users and recently, they have been targeting Gmail customers, which sees them use AI […]
Everything old is exploitable again? DarkReading reports: Abandoned cloud storage buckets present a major, but largely overlooked, threat to Internet security, new research has shown. The risks arise when bad actors discover and re-register these neglected digital repositories under their original name, and then use them to deliver malware or carry out other malicious actions […]
