Microsoft to Enforce MFA for Azure Command-Line Tools Starting October 2025

#cybersecurity #software #infosec

High-severity vulnerability in Passwordstate credential manager. Patch now.

Dan Goodin / arstechnica - Vulnerability can be exploited to gain access to customers' crown jewels.

High-severity vulnerability in Passwordstate credential manager. Patch now.

6 months / arstechnica / Dan Goodin

Passwordstate dev urges users to patch auth bypass vulnerability

6 months / bleepingcomputer / Sergiu Gatlan

New research shows passkeys can be hijacked through malicious extensions

Duncan Riley / siliconangle - A new report out today from browser security company SquareX Ltd. reveals a critical flaw in passkeys, the widely promoted alternative to passwords, that could allow attackers to hijack accounts across banking, e-commerce and enterprise software-as-a-serv…

#cybersecurity #infosec #privacy

Unpacking Passkeys Pwned: Possibly the most specious research in decades

6 months / arstechnica / Dan Goodin

New research shows passkeys can be hijacked through malicious extensions

#cybersecurity #dataprivacy #business #finance

TransUnion admits 4.5M affected after third-party support app breached

Connor Jones / theregister - Credit agency offers own services as compensation Credit scoring and monitoring biz TransUnion says that it recently suffered a breach affecting nearly 4.5 million individuals.…

Credit Bureau TransUnion Hit With Data Breach Affecting 4.4 Million People

6 months / cnet / Blake Stimac

TransUnion Data Breach Hits 4.4 Million Customers

6 months / pymnts / PYMNTS

Consumer credit reporting giant TransUnion warns it suffered a data breach exposing the personal information of over 4.4 million people in the United States.

6 months / bsky / @bleepingcomputer.com / bleepingcomputer.com

The credit reporting giant confirmed unauthorized access to a third-party application storing the personal information of its customers.

6 months / bsky / @techcrunch.com / techcrunch.com

TransUnion suffers data breach impacting over 4.4 million people

TransUnion admits 4.5M affected after third-party support app breached

6 months / theregister / Connor Jones

TransUnion says hackers stole 4.4 million customers’ personal information

6 months / techcrunch / Zack Whittaker

Covert Influence Operations in Greenland Exposed

Diplomatic tensions spiked after Danish officials summoned a U.S. diplomat amid revelations that individuals tied to Trump were allegedly orchestrating covert influence operations in Greenland. The episode has stirred international eyebrows and left policy watchers bemused by these clandestine maneuvers.

#cybersecurity #defensetech #government #cia

People With Ties to Trump Accused of Carrying Out ‘Covert’ Influence Operations in Greenland

6 months / gizmodo / Lucas Ropek

FBI says China’s Salt Typhoon hacked at least 200 US companies

Zack Whittaker / techcrunch - The FBI's cyber chief says the long-running China-backed hacking campaign is "ongoing" and affecting companies all over the world.

#cybersecurity #china #government #us

FBI and allies warn Salt Typhoon cyber campaign has targeted 200 US companies in 80 countries

FBI says China’s Salt Typhoon hacked at least 200 US companies

6 months / techcrunch / Zack Whittaker

Global Salt Typhoon hacking campaigns linked to Chinese tech firms

#cybersecurity #cloud #cybercrime

The intruder is in the house: Storm-0501 attacked Azure, stole data, demanded payment via Teams

Jessica Lyons / theregister - Don't let it happen to you Storm-0501, a financially motivated cybercrime crew, recently broke into a large enterprise's on-premises and cloud environments, ultimately exfiltrating and destroying data within the org's Azure environment. The criminals then…

Storm-0501 hackers shift to ransomware attacks in the cloud

The intruder is in the house: Storm-0501 attacked Azure, stole data, demanded payment via Teams

6 months / theregister / Jessica Lyons

Microsoft report warns Storm-0501 is turning cloud features into ransomware weapons

#ai #cybersecurity #anthropic #aiethics

Anthropic Cybersecurity Team Warns ‘Agentic AI Has Been Weaponized’

PYMNTS / pymnts - Anthropic is warning of the growing use of artificial intelligence (AI) in cybercrime. “Agentic AI has been weaponized,” the company wrote Wednesday (Aug. 27) in an announcement accompanying its Threat Intelligence report. “AI models are now being used to…

Anthropic Says Bad Actors Have Now Turned To 'Vibe Hacking'

6 months / bgr

Crims laud Claude to plant ransomware and fake IT expertise

6 months / theregister / Thomas Claburn

Anthropic says agentic AI ran an extortion playbook, end to end

6 months / implicator / Maria Garcia

Anthropic admits its AI is being used to conduct cybercrime

6 months / engadget / Matt Tate

Anthropic Warns of New 'Vibe Hacking' Attacks That Use Claude AI

6 months / cnet / Omar Gallaga

Anthropic Cybersecurity Team Warns ‘Agentic AI Has Been Weaponized’

6 months / pymnts / PYMNTS

Anthropic Report Reveals How its AI is Weaponized for ‘Vibe-Hacking’ and No-Code Ransomware

6 months / winbuzzer / Markus Kasanmascheff

‘Vibe-hacking’ is now a top AI threat

6 months / theverge / Hayden Field

The first AI-powered ransomware has been discovered — "PromptLock" uses local AI to foil heuristic detection and evade API tracking

tomshardware - Security firm ESET has discovered a new type of ransomware that uses a local AI model to generate malicious scripts and perform other illicit activities. Because of the variance of LLM output, this malware is harder to track than traditional attacks.

#ai #cybersecurity #infosec #cybercrime

First AI-powered ransomware spotted, but it's not active – yet

6 months / theregister / Jessica Lyons

The first AI-powered ransomware has been discovered — "PromptLock" uses local AI to foil heuristic detection and evade API tracking

6 months / tomshardware

Nevada closes state offices as cyberattack disrupts IT systems

Lawrence Abrams / bleepingcomputer - Nevada remains two days into a cyberattack that began early Sunday, disrupting government websites, phone systems, and online platforms, and forcing all state offices to close on Monday. [...]

#cybersecurity #infosec #government #cybercrime

Nevada remains two days into a cyberattack that began early Sunday, disrupting government websites, phone systems, and online platforms, and forcing all state offices to close on Monday.

6 months / bsky / @bleepingcomputer.com / bleepingcomputer.com

Nevada closes state offices as cyberattack disrupts IT systems

New AI attack hides data-theft prompts in downscaled images

Cloudflare introduces tools to manage AI risks and protect data

Wayne Williams / betanews - Cloudflare has launched new Zero Trust tools in its Cloudflare One platform to help businesses adopt artificial intelligence securely at scale. The features aim to give organizations better visibility into how AI is used, as well as protection from unappr…

#ai #cybersecurity #cloudsec #genai

Cloudflare introduces tools to manage AI risks and protect data

6 months / betanews / Wayne Williams

Cloudflare rolls out new defenses for generative AI in the enterprise

Perplexity's Comet AI Web Browser Had a Major Security Vulnerability

Brave: Perplexity’s Comet obeyed hidden prompts, exposing logged-in accounts

Marcus Schuler / implicator - Brave discovered Perplexity's AI browser executes hidden malicious commands from web pages, bypassing decades of security protections. As every major browser adds AI agents, enterprises rush to buy secure alternatives.

#ai #cybersecurity #browsers #security

6 months / cnet / Imad Khan

Perplexity's AI-powered Comet browser leaves users vulnerable to phishing scams and malicious code injection — Brave and Guardio's security audits call out paid AI browser

6 months / tomshardware

Brave discovers a security flaw in Perplexity’s Comet browser

6 months / the-decoder / Maximilian Schreiner

Brave: Perplexity’s Comet obeyed hidden prompts, exposing logged-in accounts

6 months / implicator / Marcus Schuler

Agentic Browser Security: Indirect Prompt Injection in Perplexity Comet

6 months / simonwillison / Simon Willison

Apple Sues Ex-Employee Who Allegedly Stole Apple Watch Secrets for Chinese Rival Oppo

Juli Clover / macrumors - Apple today filed a lawsuit in Northern California against Chen Shi, a former employee who left Apple and took a job at Chinese smartphone maker Oppo. According to Apple, Shi stole trade secrets relating to Apple Watch development and provided the informa…

#cybersecurity #apple #asia #law

Apple has accused a former Apple Watch engineer of stealing confidential sensor technology and handing it to Oppo, a Chinese rival trying to catch up in the smartwatch market.

6 months / bsky / @appleinsider.com / appleinsider.com

Apple accuses former Apple Watch staffer of conspiring to steal trade secrets for Oppo

6 months / theverge / Jay Peters

Apple Sues Ex-Employee Who Allegedly Stole Apple Watch Secrets for Chinese Rival Oppo

6 months / bsky / @macrumors.bsky.social / macrumors.bsky.social

Apple Watch designs allegedly stolen and provided to Oppo

6 months / appleinsider

Apple Sues Ex-Employee Who Allegedly Stole Apple Watch Secrets for Chinese Rival Oppo

6 months / macrumors / Juli Clover

Arch Linux continues to feel the force of a DDoS attack after two brutal weeks — attackers yet to be identified as project struggles to restore full service

tomshardware - The Arch Linux project team are working to mitigate the impact, while keeping details of who, why and how close to its chest

#cybersecurity #infosec #distributions #linux

Arch Linux continues to feel the force of a DDoS attack after two brutal weeks — attackers yet to be identified as project struggles to restore full service

6 months / tomshardware

Arch Linux takes a pounding as DDoS attack enters week two

6 months / theregister / Gareth Halfacree

Dev plants kill switch in ex-employer's network that crashed servers and deleted files, gets four years in the slammer — kill switch triggered by dev's removal from Active Directory when fired

tomshardware - A software engineer called Davis Lu was sentenced to four years in prison for creating a kill switch in his former employer's network.

#cybersecurity #infosec #cybercrime #law

Developer gets 4 years for activating network “kill switch” to avenge his firing

6 months / arstechnica / Ashley Belanger

The ex-developer was convicted of planting malicious code designed to crash its servers in the event that he was fired.

6 months / bsky / @techcrunch.com / techcrunch.com

Dev plants kill switch in ex-employer's network that crashed servers and deleted files, gets four years in the slammer — kill switch triggered by dev's removal from Active Directory when fired

6 months / tomshardware

Developer gets prison time for sabotaging former employer’s network with a ‘kill switch’

6 months / techcrunch / Zack Whittaker

Developer jailed for taking down employer's network with kill switch malware

Iain Thomson / theregister - Pro tip: When taking revenge, don't use your real name A US court sentenced a former developer at power management biz Eaton to four years in prison after he installed malware on the company’s servers.…

#cybersecurity #cybercrime #security #law

Developer jailed for taking down employer's network with kill switch malware

6 months / theregister / Iain Thomson

Dev gets 4 years for creating kill switch on ex-employer's systems

#cybersecurity #software #infosec #browsers

Ukrainian suspect arrested in Italy over Nord Stream sabotage

Authorities in Italy have arrested a Ukrainian individual linked to the Nord Stream pipeline sabotage plot, codenamed “Operation Diameter.” This arrest comes as international investigations intensify over alleged acts of industrial sabotage against critical infrastructure, igniting a flurry of diplomatic and security concerns.

#cybersecurity #ukraine #europe #law

Perplexity's Comet browser naively processed pages with evil instructions

Thomas Claburn / theregister - Rival Brave flags prompt injection vulnerability, now patched To the surprise of no one in the security industry, processing untrusted, unvalidated input is a bad idea.…

Perplexity's Comet browser naively processed pages with evil instructions

6 months / theregister / Thomas Claburn

Perplexity’s Comet AI browser tricked into buying fake items online

#cybersecurity #opensource #infosec #python

PyPI now blocks domain resurrection attacks used for hijacking accounts

Bill Toulas / bleepingcomputer - The Python Package Index (PyPI) has introduced new protections against domain resurrection attacks that enable hijacking accounts through password resets. [...]

The Python Package Index (PyPI) has introduced new protections against domain resurrection attacks that enable hijacking accounts through password resets.

6 months / bsky / @bleepingcomputer.com / bleepingcomputer.com

PyPI now blocks domain resurrection attacks used for hijacking accounts