Detecting leaked credentials is only half the battle. The real challenge—and often the neglected half of the equation—is what happens after detection. New research from GitGuardian’s State of Secrets Sprawl 2025 report reveals a disturbing…
May 12, 2025Ravie LakshmananMalware / Artificial Intelligence Threat actors have been observed leveraging fake artificial intelligence (AI)-powered tools as a lure to entice users into downloading an information stealer malware dubbed Noodlophile. “Instead of relying…
May 10, 2025Ravie LakshmananBiometric Data / Privacy Google has agreed to pay the U.S. state of Texas nearly $1.4 billion to settle two lawsuits that accused the company of tracking users’ personal location and maintaining…
May 10, 2025Ravie LakshmananCryptocurrency / Cybercrime Germany’s Federal Criminal Police Office (aka Bundeskriminalamt or BKA) has seized the online infrastructure and shutdown linked to the eXch cryptocurrency exchange over allegations of money laundering and operating…
A joint law enforcement operation undertaken by Dutch and U.S. authorities has dismantled a criminal proxy network that’s powered by thousands of infected Internet of Things (IoT) and end-of-life (EoL) devices, enlisting them into a…
The North Korean threat actors behind the Contagious Interview campaign have been observed using updated versions of a cross-platform malware called OtterCookie with capabilities to steal credentials from web browsers and other files. NTT Security…
May 09, 2025Ravie LakshmananMalware / Email Security Cybersecurity researchers are warning of a new campaign that’s targeting Portuguese-speaking users in Brazil with trial versions of commercial remote monitoring and management (RMM) software since January 2025.…
May 09, 2025The Hacker NewsArtificial Intelligence / Software Security AI agents are changing the way businesses work. They can answer questions, automate tasks, and create better user experiences. But with this power comes new risks…
May 09, 2025Ravie LakshmananSupply Chain Attack / Malware Cybersecurity researchers have flagged three malicious npm packages that are designed to target the Apple macOS version of Cursor, a popular artificial intelligence (AI)-powered source code editor.…
The Vulnerability Treadmill The reactive nature of vulnerability management, combined with delays from policy and process, strains security teams. Capacity is limited and patching everything immediately is a struggle. Our Vulnerability Operation Center (VOC) dataset…