-
1. Typosquatting: When Your Domain Is Used Against You (truesec.com) ▲ -
2. 10 year old critical vulnerability in phpBB affecting tens of millions of users (aikido.dev) ▲ -
3. ShinyHunters is actively extorting universities after exploiting an unpatched Oracle flaw (cyberscoop.com) ▲ -
4. Malware developers added nuclear and biological weapons text to to their spyware (x.com) ▲ -
5. Who Runs the Ransomware Group 'The Gentlemen'? (krebsonsecurity.com) ▲ -
6. Infostealers Turn Millions of Devices Into Credential Theft Machines (securityweek.com) ▲ -
7. Chrome's zero-day Whac-A-Mole continues with fifth exploited bug of the year (theregister.com) ▲ -
8. A Botnet Accidentally Destroyed I2P (sambent.com) ▲ -
9. Microsoft Hacked to Deliver Malware to Claude and Gemini Users (404media.co) ▲ -
10. From cause to cash: a cross-border look at hacktivist activity (securelist.com) ▲ -
11. Ransomware crims got a month-long head start on Check Point VPN 0-day that now has a fix (theregister.com) ▲ -
12. Anthropic: Measuring LLMs’ impact on N-day exploits (red.anthropic.com) ▲ -
13. Mapping AI-enabled cyber threats: Insights from the LLM ATT&CK Navigator (red.anthropic.com) ▲ -
14. Meta accuses NSO Group of defying spyware injunction, files contempt of court complaint (cyberscoop.com) ▲ -
15. 1,000 Data Breaches Later, the Disclosure Lag is Worse Than Ever (troyhunt.com) ▲ -
16. New IronWorm malware hits 36 packages in npm supply-chain attack (bleepingcomputer.com) ▲ -
17. Anthropic: Using LLMs to secure source code (claude.com) ▲ -
18. Anthropic Defending Code Reference Harness (github.com) ▲ -
19. NSA using Anthropic’s Mythos for cyber attacks (ft.com) ▲ -
20. CISA warns of cyberattacks targeting fuel tank monitoring systems (bleepingcomputer.com) ▲ -
21. Banned Russian Submunitions Found After Mali's Military Announces Airstrikes (bellingcat.com) ▲ -
22. Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts (krebsonsecurity.com) ▲ -
23. Another bug hunter leaks Microsoft exploits in defiance of company’s handling of vulnerability disclosures (theregister.com) ▲ -
24. Malicious npm releases detected across @redhat-cloud-services/ scope (github.com) ▲ -
25. Netherlands blocks US takeover of vital digital supplier (politico.eu) ▲ -
26. Extortion crews are visiting law firms pretending to be tech support, FBI warns (theregister.com) ▲ -
27. Malware dev tries to steal Claude users' secrets, writes npm slop, leaks own GitHub private token (theregister.com) ▲ -
28. Lone attacker published 14 malicious npm packages mimicking popular OpenSearch, Elasticsearch libraries (theregister.com) ▲ -
29. Hackers are now using ChatGPT share links to deliver malware (neowin.net) ▲ -
30. Federal audit reveals NIST’s NVD is plagued by poor planning and duplication (cyberscoop.com) ▲