In US Senate testimony, a CrowdStrike exec explained how this advanced persistent threat penetrated telcos in Asia and Africa, gathering SMS messages, unique identifiers, and other metadata along the way.
Author: Nate Nelson, Contributing Writer
‘CrossBarking’ Attack Targets Secret APIs, Exposes Opera Browser Users
Using a malicious Chrome extension, researchers showed how an attacker could use a now-fixed bug to inject custom code into a victim’s Opera browser to exploit special and powerful APIs, used by developers and typically saved for only the most trusted …
Mozilla: ChatGPT Can Be Manipulated Using Hex Code
LLMs tend to miss the forest for the trees, understanding specific instructions but not their broader context. Bad actors can take advantage of this myopia to get them to do malicious things, with a new prompt-injection technique.
Russia’s APT29 Mimics AWS Domains to Steal Windows Credentials
Kremlin intelligence carried out a wide-scale phishing campaign in contrast to its usual, more targeted operations.
Critical Bug Exploited in Fortinet’s Management Console
An attacker compromised one of Fortinet’s most sensitive products and mopped up all kinds of reconnaissance data helpful for future mass device attacks.
‘Prometei’ Botnet Spreads Its Cryptojacker Worldwide
The Russian-language malware primarily enlists computers to mine Monero, but theoretically it can do worse.
MacOS Safari ‘HM Surf’ Exploit Exposes Camera, Mic, Browser Data
Microsoft researchers toyed with app permissions to uncover CVE-2024-44133, using it to access sensitive user data. Adware merchants may have as well.
Anonymous Sudan Unmasked as Leaders Face Life in Prison
US officials disrupted the group’s DDoS operation and arrested two individuals behind it, who turned out to be far less intimidating than they were made out to be in the media.
Iran’s APT34 Abuses MS Exchange to Spy on Gulf Gov’ts
A MOIS-aligned threat group has been using Microsoft Exchange servers to exfiltrate sensitive data from Gulf-state government agencies.
SOC Teams: Threat Detection Tools Are Stifling Us
Threat detection tools yield too many false positives, security pros say, leading to burnout and resentment.