Apr 10, 2025The Hacker NewsAI Security / Enterprise Security AI agents have rapidly evolved from experimental technology to essential business tools. The OWASP framework explicitly recognizes that Non-Human Identities play a key role in agentic…
Apr 10, 2025Ravie LakshmananCyber Espionage / Malware The Russia-linked threat actor known as Gamaredon (aka Shuckworm) has been attributed to a cyber attack targeting a foreign military mission based in Ukraine with an aim to…
Law enforcement authorities have announced that they tracked down the customers of the SmokeLoader malware and detained at least five individuals. “In a coordinated series of actions, customers of the Smokeloader pay-per-install botnet, operated by…
Apr 10, 2025Ravie LakshmananWebsite Security / Cybercrime Cybersecurity researchers have disclosed details of an artificial intelligence (AI) powered platform called AkiraBot that’s used to spam website chats, comment sections, and contact forms to promote dubious…
Lovable, a generative artificial intelligence (AI) powered platform that allows for creating full-stack web applications using text-based prompts, has been found to be the most susceptible to jailbreak attacks, allowing novice and aspiring cybercrooks to…
Apr 09, 2025Ravie LakshmananWindows Security / Vulnerability A Chinese-affiliated threat actor known for its cyber-attacks in Asia has been observed exploiting a security flaw in security software from ESET to deliver a previously undocumented malware…
Apr 09, 2025The Hacker NewsSecrets Management / DevOps GitGuardian’s State of Secrets Sprawl report for 2025 reveals the alarming scale of secrets exposure in modern software environments. Driving this is the rapid growth of non-human…
Apr 09, 2025Ravie LakshmananVulnerability / Ransomware Microsoft has revealed that a now-patched security flaw impacting the Windows Common Log File System (CLFS) was exploited as a zero-day in ransomware attacks aimed at a small number…
Apr 09, 2025Ravie LakshmananApplication Security / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting Gladinet CentreStack to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of…
Apr 09, 2025Ravie LakshmananEndpoint Security / Vulnerability Microsoft has released security fixes to address a massive set of 126 flaws affecting its software products, including one vulnerability that it said has been actively exploited in…