Critical flaw in Protobuf library enables JavaScript code execution

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used ...

Vercel confirms breach as hackers claim to be selling stolen data

Cloud development platform Vercel has disclosed a security incident after threat actors claimed to have breached its systems ...

How AI is changing the rules of cybersecurity

AI systems rely on massive datasets, complex models and decision-making that evolves. The attack surface isn’t just bigger, ...

Google Chrome security flaw: Government flags bugs found in recent version; here's what you need to know and do

CERT-In flags multiple vulnerabilities in Google Chrome that could allow remote code execution and data theft, urging users ...

New Phishing Attack Turns n8n Into On-Demand Malware Machine

Hackers are abusing n8n workflows to deliver malware and evade detection, according to Cisco Talos, using trusted automation ...
Communications of the ACM

Subscription Bombing: Email under Attack

Email subscription bombing (also known as subscription flooding or email spam bombing) is an attack technique that overwhelms ...

Wrench attacks often carried out by ‘cannon fodder’ thugs recruited on social media: report

France has been the epicenter of so-called wrench attacks. Young, disposable thugs often commit the crimes, an investigation ...

6 crypto scam scripts criminals use to steal your money

Learn the most common cryptocurrency scam scripts, from fake investments to romance fraud, and how to recognize warning signs ...
BizTech Magazine

Prompt Injection Attacks: The LLM Security Risk IT Leaders Must Address

Security leaders must adapt large language model controls such as input validation, output filtering and least-privilege ...

Crypto users targeted in ‘elaborate’ scam using popular notes app

Elastic Security Labs has warned those in crypto and finance to watch out for an “elaborate social engineering” scam that tricks them into allowing malware through the notes app Obsidian.
Microsoft

Cross‑tenant helpdesk impersonation to data exfiltration: A human-operated intrusion playbook

Threat actors are abusing external Microsoft Teams collaboration to impersonate IT helpdesk staff and convince users to grant ...

Hackers are abusing unpatched Windows security flaws to hack into organizations

A security researcher published details of three security vulnerabilities in Windows Defender, and the code used to exploit ...