Threat actors are abusing ChatGPT’s content-sharing feature to display fake OpenAI outage pages that direct users to download malware disguised as the ChatGPT desktop application. […]
ChatGPT share links abused to host fake outage pages to deliver malware Read More »
California Attorney General Rob Bonta filed a lawsuit against 23andMe, now Chrome Holding Co., over the company’s failure to protect sensitive customer genetic and personal information. […]
California AG sues 23andMe over 2023 breach exposing health data Read More »
Shadow AI used to mean employees pasting things they shouldn’t into ChatGPT. It now means something bigger: employees building full applications with AI, wiring them into production systems, and publishing them on the open internet. Without Security or IT in the loop. The artifact moved from a prompt to a product. The risk surface moved
What 2,000 Exposed Vibe-Coded Apps Reveal About the Limits of Most Security Stacks Read More »
Cybersecurity researchers have discovered a malicious NuGet package that masquerades as a C# software development kit for Sicoob, one of Brazil’s largest cooperative financial systems, to siphon client IDs and PFX certificates. According to Socket, versions 2.0.0 through 2.0.4 of “Sicoob.Sdk” contain functionality to exfiltrate sensitive information, including PFX certificates that are used to
Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets Read More »
DDoS attacks are increasingly being sold like subscription services, complete with pricing tiers, support, and reseller programs. Flare explores how the DDoS-as-a-Service market has evolved from scattered tools into polished attack platforms. […]
From $5 Attacks to Botnet-Powered Platforms: Inside the DDoS-as-a- Service Market Read More »
Dutch authorities have taken offline a massive botnet of 17 million devices and seized more than 200 servers at a local provider that supported the operation. […]
Dutch govt disrupts malware botnet with 17 million infected devices Read More »
The North Korean state-sponsored threat actor known as Kimsuky (aka Velvet Chollima) has been attributed to a fresh set of cyber attacks targeting South Korean military and corporate entities through March and April 2026. “Kimsuky employed a range of tailored social engineering tactics, such as spoofing security software installation pages and crafting a fake Webex
Kimsuky Deploys HTTPSpy, Expands Arsenal with HelloDoor and VS Code Tunnels Read More »
Google says the Chrome Device Bound Session Credentials (DBSC) security feature is now generally available and is rolling out to all users to prevent account takeovers. […]
Google Chrome adds session cookie theft protection for all users Read More »
A Google security engineer was charged with insider trading after winning $1.2 million using confidential company data to place bets on the cryptocurrency-based Polymarket decentralized prediction market. […]
US charges Google security engineer with Polymarket insider trading Read More »
A North Carolina man was sentenced to more than 10 years in prison for selling the personal information of over 7 million elderly Americans to Jamaican scammers. […]
Man sent to prison for selling data of 7 millions elderly Americans Read More »