Tag: emerging threats
3047 articles

Microsoft Bolsters AI Security with Open-Source RAMPART and Clarity Tools
Microsoft's new open-source tools, RAMPART and Clarity, empower product managers and engineers to stress-test AI security assumptions early on, saving months of potential rework and costly mistakes. With RAMPART, developers can write and run safety tests to identify vulnerabilities in AI agents, covering both adversarial and benign threats.

Grafana Breach Exposes Missed Security Step After TanStack Attack
A single misstep in Grafana's security protocol allowed attackers to gain access to its GitHub repositories, following a supply-chain incident involving malicious TanStack packages. A missed GitHub workflow token proved to be the key that enabled the breach.

Android Malware Campaign Silently Invoices Users via Fake Apps
Malware hidden in nearly 250 fake Android apps has been silently invoicing users for premium services, with victims largely unaware of the charges. The sneaky campaign, dubbed Premium Deception, targeted subscribers in several countries, including Malaysia, Thailand, Romania, and Croatia, over a 10-month period.

Microsoft Disrupts Malware-Signing Service Used in Ransomware Attacks
Microsoft swooped in to shut down a notorious malware-signing service, seizing the website signspace.cloud and taking down hundreds of virtual machines used to fuel ransomware attacks. This bold move, dubbed OpFauxSign, crippled a key operation run by the threat actor Fox Tempest, which had been using Microsoft's own system against it since May 2025.

Mini Shai-Hulud Worm Targets AntV Ecosystem with Coordinated npm Package Attack
In a shocking one-hour surge, 639 malicious versions were pushed across 323 unique npm packages, crippling the AntV ecosystem with a massive coordinated attack linked to the Mini Shai-Hulud worm. This brazen move was designed not only to spread chaos but also to slow down analysis and detection efforts.

Enterprises Unprepared for Agent AI Risks as Identity Gaps Persist
Enterprises are rolling out Agent AI at scale, but a staggering 57% of identity elements remain unseen and unmanaged, leaving them woefully unprepared for the risks that come with it. This "identity dark matter" now outweighs visible, centrally managed elements, threatening to expose businesses to devastating consequences.

Enterprises Lose Visibility as AI Adoption Surges
As AI adoption surges in ANZ enterprises, a concerning gap is emerging: over half of organizations lack confidence in their ability to monitor and govern these new technologies, leaving them vulnerable to an expanding attack surface. AI agents and copilots are rolling out faster than security teams can keep up, creating a visibility blind spot that's hard to ignore.

Malvertisers Exploit Code Signing in TamperedChef Malware Campaigns
Meet the sneaky malware campaign that's been flying under the radar, leveraging polished marketing tactics and code signing to spread its malicious reach - with over 4,000 samples and 100 unique variants uncovered across three distinct clusters of activity.

ExifTool Flaw Exposes Macs to Arbitrary Command Execution
A newly discovered vulnerability in ExifTool, known as CVE-2026-3102, left Macs open to hackers who could exploit it to run malicious commands by hiding them in image metadata. This flaw allowed attackers to take control by slipping instructions into seemingly harmless image files.

Webworm Expands Arsenal with EchoCreep, GraphWorm Backdoors
Meet Webworm's latest tricks: EchoCreep and GraphWorm, two custom backdoors that let the China-aligned actor control and manipulate systems using unconventional channels like Discord and Microsoft Graph API. These new tools enable file uploads, downloads, and command execution, showcasing Webworm's creative approach to cyber threats.

Australia Weighs Japanese Submarine Option as Collins Upgrade Risks Rise
As Australia navigates a precarious era, experts warn that the country's submarine upgrade plans are fraught with risk, making a Japanese fallback option an increasingly attractive - and necessary - safeguard. With AUKUS still the top choice for nuclear-propelled subs, a scaled-back Collins life-extension plan raises red flags that can't be ignored.

Bolstering AI Resilience Across Cloud and Data Environments
As AI agents and copilots increasingly access, share, and store enterprise data, organisations in Australia and New Zealand face a pressing question: can they keep their data secure and recoverable in this new landscape? The integration of agentic AI and copilots is expanding data pathways, creating new operational risks that demand attention to visibility, protection, and recovery readiness.

Device Security Must Complement Identity to Thwart Modern Threats
Authentication is no longer enough to guarantee security - even with multi-factor authentication in place, phishing kits can capture session tokens, allowing attackers to bypass security checks undetected. As a result, device security must step up to complement identity and prevent modern threats.

GitHub Breach Exposes Internal Repositories
GitHub has confirmed a cyber incident that exposed its internal repositories, sparking concerns about the security of code and sensitive data. The breach raises questions about the potential impact on users and the measures being taken to prevent future incidents.

Drupal Rushes Security Fix to Plug High-Risk Bug
Drupal is rushing out a critical security update today to fix a high-risk bug that could be exploited by hackers within hours of the patch being released. The update is a core security release aimed at plugging a vulnerability that poses a significant threat to users.

Webworm APT Expands European Reach with Evolved Tactics
Meet Webworm, a China-aligned APT group that's now setting its sights on European governments and beyond, with a semi-opportunistic approach that's taken its targets to Belgium, Italy, Poland, Serbia, Spain, and even South Africa. This threat actor's evolved tactics signal a concerning expansion of its reach.

AI Botnets Fuel DDoS Surge in Financial Sector
The financial sector saw a staggering 2.41 billion network- and transport-layer denial-of-service attacks in 2025, with banking bearing the brunt, accounting for 60% of total web attacks and over 80% of API-related incidents. TurboMirai, a powerful AI botnet, was a key driver of this alarming surge, fueling attacks that lasted a whopping 738% longer than usual.

GitHub Hit by Internal Repo Breach via Malicious VS Code Extension
GitHub's internal repositories were breached after a malicious Visual Studio Code extension was used to launch the attack, but thankfully, customer data appears to be safe. The incident has left users wondering what else may have been compromised.

Exploit Released for PinTheft Linux Flaw
A critical Linux flaw, dubbed PinTheft, has been exploited, allowing local attackers to gain root privileges on affected systems through a complex vulnerability in the Reliable Datagram Sockets (RDS) code. This security gap can be triggered by a specific interaction between RDS zerocopy and io_uring fixed buffers.

Typosquatting Evolves Into Supply Chain Threat
Typosquatting has morphed into a sinister supply chain threat, with attackers now embedding malicious lookalike domains within legitimate third-party scripts to intercept sensitive data. This alarming evolution has led to devastating attacks, such as the Trust Wallet compromise, where 2,500 wallets were drained in just 48 hours.

GitHub Breach Exposes 3800 Internal Repositories to Malicious VS Code Extension
GitHub's security team swiftly contained a breach that exposed 3,800 internal repositories to a malicious VS Code extension, and immediately took action to prevent further damage. The company has completed critical secret rotations and is now meticulously analyzing logs to ensure the incident is fully resolved.

Met Police Surveillance Exposes Data Requests Surge
The Metropolitan Police made a staggering 700,000+ requests to tech companies in 2025 to access private communications data, helping officers solve crimes, find missing people, and gather crucial intelligence. This massive surge in data requests highlights the force's growing reliance on digital information to keep London safe.

Microsoft Mitigates YellowKey BitLocker Bypass Exploit with New Guidance
Microsoft has stepped in to squash a newly revealed BitLocker bypass exploit, dubbed YellowKey, by releasing crucial guidance to protect users from potential attacks. This security move comes after a researcher demonstrated how the exploit could spawn a shell with unrestricted access to sensitive data.

Barracuda Warns of CypherLoc Scareware Targeting Millions
Millions of users are under attack by the CypherLoc scareware, with Barracuda researchers tracking around 2.8 million attacks since January 2026 alone. This staggering number reveals a coordinated and widespread campaign that's putting tens of millions of people at risk.