1. Fortinet released an emergency patch for a critical vulnerability in FortiClient EMS that is currently being exploited in the wild (BleepingComputer).
2. German authorities identified a 31 year old Russian national as the leader of the REvil and GandCrab ransomware gangs responsible for over 130 attacks (The Hacker News).
3. A six month social engineering campaign by DPRK threat actors resulted in the theft of 285 million dollars from the Solana based exchange Drift (The Hacker News).
4. Hackers are conducting an automated credential theft campaign by exploiting the React2Shell vulnerability in vulnerable Next.js applications (BleepingComputer).
5. A campaign involving 36 malicious npm packages was discovered targeting Redis and PostgreSQL databases to deploy persistent implants (Reddit).
6. Scammers are distributing fake traffic violation notices via text messages that use QR codes to direct victims to phishing sites (BleepingComputer).
7. Reports indicate that TeamPCP utilized the Trivy tool to breach Cisco and the EU Commission among over 1000 other organizations (Reddit).
8. Researchers identified a new class of GPU Rowhammer attacks named GDDRHammer and GeForge that can achieve root shell access (Reddit).
9. Users are reporting that fake downloads of the Claude Code tool are being used to distribute malware (Reddit).
10. A security report claims that LinkedIn is stealthily scanning visitor browsers for over 6000 Chrome extensions and harvesting hardware data (Reddit).
11. Anthropic conducted an AI bug bounty program on open source software that successfully identified over 500 zero day vulnerabilities (Reddit).
12. A new Linux driver project named hid-omg-detect is in development to help identify malicious HID devices (Reddit).
Be First to Comment