Tag: emerging threats
3126 articles
AI-Powered Vulnerability Discovery Outpaces Remediation
The AI-powered Mythos model discovered a staggering number of vulnerabilities, including a 27-year-old bug in OpenBSD and a four-bug exploit chain that bypassed browser and OS defenses, with fewer than 1% of these vulnerabilities patched. This led Anthropic to delay a public release and share the findings with tech giants like Apple and Microsoft to prioritize patching.
Biobank Data Breach Exposes 500k Volunteers on Alibaba
A major data breach at UK-based Biobank has exposed the medical records of around 500,000 volunteers on the Chinese e-commerce site Alibaba, putting sensitive information at risk of being misused. The compromised dataset, described as one of the world's most comprehensive biomedical datasets, was listed for sale, sparking urgent concerns about data security.
Google Unveils AI Agent Identity Platform to Tackle New Identity Risks
Google is stepping up its game in AI security with a new platform that gives autonomous software agents their own unique identities, ensuring that every action is verified, recorded, and accountable. This move towards zero-trust verification means organizations can trust their AI agents to act with integrity and transparency.
UK Warns of Chinese Hackers' Proxy Network Tactics to Evade Detection
The UK's National Cyber Security Centre has warned that Chinese hacking groups are using a sophisticated network of proxies to evade detection, with multiple covert networks constantly being updated and used by multiple threat actors. This alarming shift in tactics has prompted a coordinated warning from the NCSC-UK and nine international partners.
China-Linked APT Group Exploits Legitimate Services for Covert Ops
ESET researchers have uncovered a treasure trove of clues, analyzing 6,044 Slack messages and 3,005 Discord messages that reveal the covert operations of a China-linked APT group, dubbed GopherWhisper, which has been active since at least 2023. The recovered logs provide a rare glimpse into the group's tactics, thanks to hardcoded credentials in Go-based backdoors that gave investigators access to the group's command and control channels.
UK Cyber Agency Unveils Anti-Malware Gadget for Display Devices
Meet SilentGlass, a game-changing anti-malware device from the UK's National Cyber Security Centre that shields your display screens and monitors from cyber threats with unprecedented ease. This innovative gadget is now available for commercial use, protecting vulnerable IT infrastructure like never before.
CISA Mandates Patching of Exploited BlueHammer Flaw in Federal Systems
Don't let your federal systems become an easy target: CISA is mandating the patching of the exploited BlueHammer flaw to prevent malicious cyber actors from gaining a foothold. A high-severity vulnerability in Microsoft Defender can allow low-privileged users to gain SYSTEM permissions - but a patch is available.
Education Sector Grapples with 63% Surge in Cyber-Attacks
The education sector is facing a daunting reality: a 63% surge in cyber-attacks is putting institutions at risk, threatening the very openness and collaboration that define higher education. Can schools and universities keep pace with the growing threat?
NCSC Endorses Passkeys as Default Login Method
The UK's National Cyber Security Centre now recommends passkeys as the default login method, marking a significant shift away from passwords. This endorsement comes after a year of collaboration with industry and notable improvements in passkey technology.
Vercel Breach Exposes Additional Customer Accounts
A recent Vercel breach exposed additional customer accounts after a malicious chain of events began with a compromised employee account at Context.ai, which was likely triggered by a simple online search for Roblox scripts. The breach highlights the risks of malware distribution and token theft, with threat intel pointing to a sophisticated attack targeting valuable keys and account credentials.
Eset Exposes Chinese Hackers' Careless Backdoor Tactics
Chinese hackers have been caught off guard by their own carelessness, leaving behind a digital trail that exposed their previously undetected backdoor tactics. Researchers uncovered over 9,000 messages revealing the attackers' testing systems and habits, leading to the identification of a Chinese nation-state actor dubbed GopherWhisper.
China-Linked GopherWhisper Targets Mongolian Government Systems with Go Backdoors
A China-linked cyber group, dubbed GopherWhisper, has been targeting Mongolian government systems with a suite of Go-based backdoors, infecting at least 12 systems and potentially dozens more. The attackers used clever tactics, routing command-and-control traffic through compromised Discord and Slack servers.
Weak Passwords Expose Firms to Data Loss Risk
One careless decision - using the same easily-guessable password across multiple environments - left a client vulnerable to disaster, despite a hefty investment in security tools. A simple password like "admin123" pinned in a shared Slack channel created a single point of failure that put the entire system at risk.
Researchers Expose AI Agents to Malicious Prompt Injection Payloads
Imagine a browser AI that can summarize web pages, but with a hidden vulnerability that allows malicious instructions to be embedded and executed - a newly discovered threat that security researchers are warning deserves our attention. Forcepoint researchers have uncovered 10 real-world examples of indirect prompt injection payloads designed to subvert AI agents and wreak havoc.
NCSC Endorses Passkeys Over Passwords in New Guidance
Say goodbye to password headaches! The UK's National Cyber Security Centre now recommends passkeys as a user-friendly alternative that provides stronger resilience, making it easier to log in securely.
Apple Fixes iOS Flaw That Preserved Deleted Signal Notifications
Apple has fixed a frustrating iOS flaw that was causing deleted Signal notifications to stick around, and you can get the solution by updating your iPhone or iPad to the latest software version. The update addresses a logging issue that allowed deleted notifications to be retained on the device.
Vought Targets Shipbuilders with OMB Rebuke at Sea Air Space
In a stunning move, Office of Management and Budget chief Russel Vought took aim at the shipbuilding industry during the Navy League's Sea Air Space conference, delivering a sharp rebuke that made headlines. His bold intervention marked a dramatic close to the annual gathering.
US Navy Faces Sustained Strain as Industrial Base Lags
The US Navy is buckling under the weight of soaring demands with a dwindling workforce, sparking concerns about its ability to keep pace. With its fleet aging and the defense industrial base struggling to keep up, the pressure is on to find a solution.
CoAspire Unveils Extended-Range Cruise Missile with Tomahawk-Like Capabilities
CoAspire has just unveiled the RAACM-ER, an extended-range cruise missile boasting a range of over 1,000 nautical miles and game-changing capabilities that rival the renowned Tomahawk missile. This cutting-edge weapon was introduced at Sea-Air-Space 2026, showcasing CoAspire's innovative approach to modern missile technology.
Navy Secretary Phelan Departs Pentagon Amid Iran Blockade
In a sudden move, Navy Secretary John C. Phelan is leaving his post, effective immediately, as the Navy maintains a historic blockade of Iranian ports. Undersecretary Hung Cao steps in as acting secretary, following Phelan's swift departure from the Pentagon.
Supreme Court Weighs Limits on Geofence Warrants
The Supreme Court is set to tackle a pressing question: do geofence warrants, a relatively new law enforcement tool, overstep constitutional boundaries? This high-stakes case, Chatrie v. The United States, could have far-reaching implications for digital privacy and police power.
Iran Escalates Ship Attacks in Strait of Hormuz
A container ship narrowly escaped disaster in the Strait of Hormuz after an Iranian gunboat fired on it, causing significant damage to the bridge, but thankfully no injuries or environmental harm. The alarming incident is the latest escalation in a series of attacks in the region, heightening tensions in this critical waterway.
Trump Names Execs to Lead Space Force Acquisition, NRO
President Trump has nominated two top defense executives, Erich Hernandez-Baquero and Roger Mason, to lead major US space acquisition and reconnaissance organizations. This move comes as the Space Force is set to receive a massive 342% funding boost to $19.1 billion for procurement in fiscal 2027.
CISA Nominee Plankey Withdraws Amid Senate Gridlock
Sean Plankey, the nominee to lead the Cybersecurity and Infrastructure Security Agency, has withdrawn his nomination, citing Senate gridlock that had stalled his confirmation for 13 months. In a letter, he asked President Trump to remove his nomination, expressing support for the department's leadership.