Results for "attack surface"
26 results found
Attackers Exploit Hidden Vulnerabilities, Experts Warn
Many organizations overlook critical security blind spots. Attackers increasingly target these gaps, bypassing traditional defenses. Experts urge continuous visibility and proactive monitoring.
Open Source Project Hijacked in Phishing Campaign Targeting 14,000 Users
A developer discovered their open source tool was weaponized to phish thousands. The incident underscores supply chain risks in the open source ecosystem.
AI Outpaces Human Patching, Making Vulnerability Windows Obsolete
AI-powered bug detection finds vulnerabilities faster than humans can patch. The industry shifts from reactive patching to building resilient software from the start.
ChatGPT Mac App Vulnerability Patched After Security Flaw Found
A security flaw in the ChatGPT Mac app could have exposed conversations. OpenAI says no data was accessed and the issue is now fixed.
New SSD Side-Channel Attack Lets Websites Spy on User Activity
Researchers uncover a technique that exploits SSD access patterns to track user behavior online. The attack requires specific conditions but raises fresh privacy concerns.
GitHub Confirms Breach of 3800 Repos via Malicious VSCode Extension
GitHub says 3,800 repositories were compromised by a malicious VSCode extension. The attack stole credentials and may have spread further.
Inside the SolarWinds Breach: Hackers Had Full Access to Treasury Systems
New details reveal Russian-linked hackers infiltrated Treasury email systems far deeper than previously known. The supply chain attack compromised thousands of government and private networks, exposing critical security gaps.
Microsoft 365 Users Targeted by Sophisticated Password Reset Attacks
Hackers linked to Storm-2949 are exploiting password reset systems to break into Microsoft 365 accounts. The campaign uses multi-layered techniques to bypass security.
GitHub Breach Exposes Thousands of Internal Repositories After Employee Installs Malicious VS Code Extension
A GitHub employee installed a malicious VS Code extension leading to exposure of thousands of internal repositories.
Pentagon Reportedly Pursues Weaponized AI Models, Raising Ethical Concerns
Pentagon plans to weaponize advanced AI models, including Anthropic's Claude Mythos Preview, despite supply chain risks. The move signals a major shift in military cyber strategy.
Cybersecurity Defies AI Job Displacement Trends
While AI threatens many roles, cybersecurity hiring is booming. Experts say the field's complexity and need for human judgment keep demand high. Here's why cyber remains a safe bet.
Hackers Claim Massive Data Breach at Instructure, Targeting 9,000 Schools
Hackers say they stole student and staff data from nearly 9,000 schools using Instructure’s Canvas platform and locked users out, demanding negotiation by May 12.
Microsoft Warns AI Chatbots Are Steering Users to Malicious Sites
Microsoft warns that AI chatbots may direct users to malicious websites as threat actors adapt social engineering. Users should verify links carefully.
AI-Powered Cloud Attacks Outpace Security Defenses
Businesses recognize the threat of AI-driven cloud attacks but lack the infrastructure to respond at machine speed.
Developer Plants Prompt Injection in Open Source App to Disrupt AI Coders
A developer added hidden prompt injection instructions to an open-source Java testing tool, causing AI coding agents to delete their own work.
Microsoft warns of GPU mining malware spread via SEO poisoning and AI chatbots
Microsoft uncovered a cryptojacking campaign targeting gamers and high-end PC users. Malware disguised as popular utilities like HWMonitor is spread through SEO poisoning and AI chatbot recommendations.
Overprivileged AI Agents Expose Banking Systems to New Attacks
Financial firms face mounting security risks as AI agents access excessive data and systems. Overprivileged permissions create compliance vulnerabilities and trust issues across banking.
US Law Enforcement Targets 'Anti-Tech Extremism' as AI Backlash Intensifies
Federal agencies shift focus to surveil anti-technology extremists amid growing AI protests and attacks.
Phone Makers Add Special Security Modes to Block Spyware Attacks
Apple, Google and Meta now offer special security modes that protect devices from targeted spyware. These settings limit device vulnerabilities for high-risk users.
Google Releases Exploit for Unfixed Chromium Bug
Google released exploit code for an unpatched Chromium vulnerability that could let attackers monitor users and create botnets. The flaw has remained unfixed for 29 months.