Автор: Elizabeth Montalbano, Contributing Writer

Confirmation by South Korea’s data protection agency that the AI chatbot sent data to TikTok’s Chinese parent company has spurred a ban in that nation, and is again is calling into question DeepSeek’s safety.

The China-backed threat group often acts swiftly, going from initial access to compromise in just one day, a behavior atypical of cybercriminal groups.

The authentication bypass vulnerability in the OS for the company’s firewall devices is under increasing attack and being chained with other bugs, making it imperative for organizations to mitigate the issue ASAP.

Microsoft is warning the modular and potentially wormable Apple-focused infostealer boasts new capabilities for obfuscation, persistence, and infection, and could lead to a supply chain attack.

US, UK, and Australian law enforcement have targeted a company called Zservers (and two of its administrators) for providing bulletproof hosting services to the infamous ransomware gang.

The popular generative AI (GenAI) model allows hallucinations, easily avoidable guardrails, susceptibility to jailbreaking and malware creation requests, and more at critically high rates, researchers find.

Attackers are smuggling payment card-skimming malicious code into checkout pages on Magento-based e-commerce sites by abusing the Google Tag Manager ad tool.

A sophisticated cyberattack campaign is targeting organizations that still rely on Active Directory Federation Services (ADFS) for authentication across applications and services.

Funnull CDN rents IPs from legitimate cloud service providers and uses them to host criminal websites, continuously cycling cloud resources in and out of use and acquiring new ones to stay ahead of cyber-defender detection.

In an attack vector that’s been used before, threat actors aim to commit crypto fraud by hijacking highly followed users, thus reaching a broad audience of secondary victims.