Cybersecurity researchers have disclosed details of a suspected artificial intelligence (AI)-generated malware codenamed Slopoly put to use by a financially motivated threat actor named Hive0163. “Although still relatively unspectacular, AI-generated… Read More »Hive0163 Uses AI-Assisted Slopoly Malware for Persistent Access in Ransomware Attacks
Cybersecurity researchers have disclosed details of a new banking malware targeting Brazilian users that’s written in Rust, marking a significant departure from other known Delphi-based malware families associated with the… Read More »Rust-Based VENON Malware Targets 33 Brazilian Banks with Credential-Stealing Overlays
Another Thursday, another pile of weird security stuff that somehow happened in just seven days. Some of it is clever. Some of it is lazy. A few bits fall into… Read More »ThreatsDay Bulletin: OAuth Trap, EDR Killer, Signal Phishing, Zombie ZIP, AI Platform Hack & More
Phishing has quietly turned into one of the hardest enterprise threats to expose early. Instead of crude lures and obvious payloads, modern campaigns rely on trusted infrastructure, legitimate-looking authentication flows,… Read More »How to Scale Phishing Detection in Your SOC: 3 Steps for CISOs
The most dangerous phishing campaigns aren’t just designed to fool employees. Many are designed to exhaust the analysts investigating them. When a phishing investigation takes 12 hours instead of five… Read More »Attackers Don’t Just Send Phishing Emails. They Weaponize Your SOC’s Workload
Apple on Wednesday backported fixes for a security flaw in iOS, iPadOS, and macOS Sonoma to older versions after it was found to be used as part of the Coruna… Read More »Apple Issues Security Updates for Older iOS Devices Targeted by Coruna WebKit Exploit
Cybersecurity researchers have discovered half-a-dozen new Android malware families that come with capabilities to steal data from compromised devices and conduct financial fraud. The Android malware range from traditional banking… Read More »Six Android Malware Families Target Pix Payments, Banking Apps, and Crypto Wallets
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting n8n to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.… Read More »CISA Flags Actively Exploited n8n RCE Bug as 24,700 Instances Remain Exposed
Agentic web browsers that leverage artificial intelligence (AI) capabilities to autonomously execute actions across multiple websites on behalf of a user could be trained and tricked into falling prey to… Read More »Researchers Trick Perplexity’s Comet AI Browser Into Phishing Scam in Under Four Minutes
Cybersecurity researchers have disclosed details of two now-patched security flaws in the n8n workflow automation platform, including two critical bugs that could result in arbitrary command execution. The vulnerabilities are… Read More »Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials