Tag: emerging threats
3073 articles

AI-Developed Zero-Day Exploit Exposes New Threats
Google's discovery of the first AI-generated zero-day exploit is a game-changer, revealing a new level of threat sophistication. This historic finding shows that AI can now be used not just to identify vulnerabilities, but to create and deploy malicious code.

Microsoft Fixes BitLocker Issue on Windows 11
Microsoft has fixed a frustrating issue with BitLocker on Windows 11, where devices with certain Group Policy configurations were prompted to enter their BitLocker recovery key after installing a recent update. The fix is available in update KB5089549 for Windows 11 25H2.

Microsoft Fixes Autopatch Bug Deploying Restricted Drivers
Microsoft fixed a Windows Autopatch bug that caused a small number of EU devices to receive restricted driver updates despite administrative policies in place to block them. The issue affected specific Windows 11 versions, including 23H2, 24H2, and 25H2.

Avada Builder Flaws Put 1 Million WordPress Sites at Risk
Two newly discovered flaws in the Avada Builder plugin have put a staggering 1 million WordPress sites at risk, allowing hackers to exploit vulnerabilities and access sensitive server files. This critical security threat highlights the urgent need for site owners to take action and protect their online presence.

China-Linked Hackers Exploit Microsoft Exchange in Azerbaijani Energy Firm Attacks
A group of China-linked hackers, known as FamousSparrow, launched a sustained cyberattack on an Azerbaijani oil and gas company, exploiting Microsoft Exchange vulnerabilities in a multi-wave intrusion that spanned three months. The attackers used the ProxyNotShell exploit to gain and maintain access to the victim's environment.

Instructure Negotiates Data Return After Ransomware Breach
In a major win for data security, Instructure has successfully negotiated the return of stolen data and confirmed its destruction after a ransomware breach affected nearly 9,000 educational institutions using its Canvas Learning Management System. The company has ensured that its affected customers are protected and won't be individually targeted for extortion.

Microsoft's AI System Uncovers 16 Windows Flaws in Patch Tuesday Release
Microsoft's cutting-edge AI system, MDASH, has successfully uncovered 16 critical Windows flaws in the latest Patch Tuesday release by leveraging a team of over 100 specialized AI agents. This innovative approach combines multiple AI models to detect and prove exploitable bugs, showcasing its potential to revolutionize cybersecurity.

Foxconn Hit by Nitrogen Ransomware Attack
Foxconn, the world's largest electronics manufacturer, confirmed that some of its North American factories were hit by a cyberattack, with the Nitrogen ransomware operation claiming to have stolen a large trove of sensitive data. The company swiftly activated its response mechanism to minimize disruption and ensure production continuity.

Microsoft Patches 138 Vulnerabilities, Including Critical DNS and Netlogon Flaws
Microsoft just patched a critical DNS flaw that could let hackers execute code on your network, along with 137 other vulnerabilities - so make sure to update ASAP! The update also includes a mandatory rollout of updated Secure Boot certificates to keep your system secure.

Remediation Programs Often Fail to Validate Fixes
The alarming truth is that remediation programs often fall short, with a staggering mismatch between the speed of exploits and fixes - Mandiant's report reveals a mean time to exploit of just -7 days, while Verizon's data shows a median remediation time of 32 days.

Autonomous Validation Gains Urgency as AI-Powered Attacks Accelerate
In just 14 days, Anthropic's new AI model, Mythos, astonishingly generated 181 working Firefox exploits - a dramatic leap from the previous state of the art, which managed only two - and uncovered thousands of zero-day vulnerabilities across major operating systems and browsers, many of which remain unpatched today.

CISOs Weigh Ransom Payments Amid Ransomware Resilience Gap
A surprising 58% of CISOs admit they'd consider paying a ransom to quickly restore encrypted systems, revealing a stark reality in the ongoing battle against ransomware. This willingness varies by geography, with 63% of US CISOs and 47% of UK CISOs open to making a payment.

Microsoft Disrupts Office Installation on Windows 365 Devices
Microsoft has confirmed that a recent update has caused some Windows 365 users to lose access to Microsoft Office downloads and installations, and is now working on a fix to resolve the issue. The tech giant is tracking the problem under incident WP1309017 and is developing a solution to correct the configuration change that caused the disruption.

Global Agencies Unveil AI Supply Chain Risk Guidance with SBOMs
Global agencies have joined forces to release groundbreaking guidance on AI supply chain risk, outlining minimum elements for Software Bill of Materials (SBOMs) to enhance security and transparency. This crucial step forward aims to tackle the complex challenges of measuring and defining AI risks across organizations.

Australia's Defence Spending Plan Leaves $17.4 Billion in Uncertainty
A whopping $17.4 billion of Australia's promised $53 billion defence spending boost hangs in the balance, leaving a significant chunk of the nation's defence future uncertain. Only $6.8 billion of the planned increase is firmly accounted for in the near term, sparking questions about the government's long-term strategy.

NATO Exercise Exposes UGV Communication Limits in Woodland Terrain
In a recent NATO exercise, a major hurdle emerged for unmanned ground vehicles (UGVs) equipped with Starlink: dense woodland terrain that rapidly degrades communication links and blocks high-speed connections. This limitation was starkly exposed during the Crystal Arrow exercise in Latvia, where UGVs were put through rigorous brigade-level trials.

GemStuffer Exploits RubyGems to Exfiltrate UK Council Data
Meet GemStuffer, a sneaky campaign that's hijacking the RubyGems registry to steal sensitive data, including information from a UK council, by hiding scraped content within seemingly harmless package files. Over 150 malicious gems have been used to store and exfiltrate this data, exposing it to anyone who knows where to look.

UK Cybersecurity Market Booms as Government Targets Enhanced Resilience
The UK's cybersecurity market is thriving, generating £14.7bn in revenue and supporting nearly 70,000 jobs, with the government investing in its own defenses and setting national standards to boost resilience. This booming sector has seen a 20% surge in cybersecurity firms, now totaling 2,603, and a 17% annual increase in gross value added.

Microsoft Patch Tuesday Disrupts 120 Vulnerabilities with AI-Driven Insights
Microsoft's May Patch Tuesday update tackles a whopping 120 vulnerabilities, including 17 critical flaws that could leave your systems exposed to remote code execution, elevation of privilege, and information disclosure attacks. Prioritize patching now to safeguard your domain controllers and prevent potentially disastrous breaches.

Google Bolsters Android Spyware Defenses with Intrusion Logging Feature
Google just launched a game-changing feature to help protect Android users from spyware: Intrusion Logging, a powerful tool that collects forensic data to help investigate suspected device compromises. Now available in Advanced Protection Mode, this innovative feature lets users opt in to safeguard their digital security and peace of mind.

TeamPCP Open-Sources Shai-Hulud Worm, Fuels Malware Proliferation
Malware mayhem takes a dark turn as TeamPCP open-sources the notorious Shai-Hulud Worm, sparking concerns of widespread malware proliferation. Security experts warn that independent threat actors are already modifying and expanding its reach.

Vietnam to Build Domestic Cloud to Bolster Data Sovereignty
Vietnam is taking a major step towards securing its digital future by building a domestic cloud infrastructure, aiming to safeguard national data and reduce reliance on foreign cloud services by 2030. This move will bolster data sovereignty, enhance cybersecurity, and drive the country's digital transformation.

Microsoft Patch Tuesday Exposes 137 Vulnerabilities, Including 30 Critical Flaws
Microsoft just dropped a massive Patch Tuesday update, fixing 137 vulnerabilities - including 30 critical flaws and 14 high-severity bugs scoring 9.0 or higher on the CVSS scale. This surge in patches, partly driven by AI-powered bug detection, is expected to continue, making it crucial to stay on top of updates.

US House Panel Probes Instructure Over Massive Canvas Cyberattack
A massive cyberattack on Instructure's Canvas platform has sparked a congressional investigation, after hackers claimed to have stolen a staggering 280 million data records from nearly 9,000 schools and online education platforms. The breach has left schools reeling, especially during final exams, and is raising urgent questions about data security.