Results for "attack vectors"
31 results found
Attackers Exploit Hidden Vulnerabilities, Experts Warn
Many organizations overlook critical security blind spots. Attackers increasingly target these gaps, bypassing traditional defenses. Experts urge continuous visibility and proactive monitoring.
Developer Plants Prompt Injection in Open Source App to Disrupt AI Coders
A developer added hidden prompt injection instructions to an open-source Java testing tool, causing AI coding agents to delete their own work.
New SSD Side-Channel Attack Lets Websites Spy on User Activity
Researchers uncover a technique that exploits SSD access patterns to track user behavior online. The attack requires specific conditions but raises fresh privacy concerns.
GitHub Confirms Breach of 3800 Repos via Malicious VSCode Extension
GitHub says 3,800 repositories were compromised by a malicious VSCode extension. The attack stole credentials and may have spread further.
GitHub Breach Exposes Thousands of Internal Repositories After Employee Installs Malicious VS Code Extension
A GitHub employee installed a malicious VS Code extension leading to exposure of thousands of internal repositories.
Microsoft warns of GPU mining malware spread via SEO poisoning and AI chatbots
Microsoft uncovered a cryptojacking campaign targeting gamers and high-end PC users. Malware disguised as popular utilities like HWMonitor is spread through SEO poisoning and AI chatbot recommendations.
Lattice-Based Cryptography Emerges as Post-Quantum Security Backbone
Lattice-based cryptography is gaining traction as a leading method to secure data against future quantum computer attacks. This mathematical approach offers strong security guarantees and efficiency, making it a top candidate for new encryption standards.
New Side-Channel Attack Uses Browser Storage to Fingerprint Devices
Researchers developed FROST, a side-channel attack using OPFS-based SSD timing in browsers to create persistent device fingerprints that bypass privacy protections.
Java Library Almost Duped AI Coders Into Deleting Tests
A malicious Java package nearly tricked AI coding agents into wiping unit tests. The attack exploited how AI assistants handle code suggestions.
Inside the SolarWinds Breach: Hackers Had Full Access to Treasury Systems
New details reveal Russian-linked hackers infiltrated Treasury email systems far deeper than previously known. The supply chain attack compromised thousands of government and private networks, exposing critical security gaps.
Microsoft 365 Users Targeted by Sophisticated Password Reset Attacks
Hackers linked to Storm-2949 are exploiting password reset systems to break into Microsoft 365 accounts. The campaign uses multi-layered techniques to bypass security.
Open Source Project Hijacked in Phishing Campaign Targeting 14,000 Users
A developer discovered their open source tool was weaponized to phish thousands. The incident underscores supply chain risks in the open source ecosystem.
Pentagon Reportedly Pursues Weaponized AI Models, Raising Ethical Concerns
Pentagon plans to weaponize advanced AI models, including Anthropic's Claude Mythos Preview, despite supply chain risks. The move signals a major shift in military cyber strategy.
AI Outpaces Human Patching, Making Vulnerability Windows Obsolete
AI-powered bug detection finds vulnerabilities faster than humans can patch. The industry shifts from reactive patching to building resilient software from the start.
Cybersecurity Defies AI Job Displacement Trends
While AI threatens many roles, cybersecurity hiring is booming. Experts say the field's complexity and need for human judgment keep demand high. Here's why cyber remains a safe bet.
Hackers Claim Massive Data Breach at Instructure, Targeting 9,000 Schools
Hackers say they stole student and staff data from nearly 9,000 schools using Instructure’s Canvas platform and locked users out, demanding negotiation by May 12.
Microsoft Warns AI Chatbots Are Steering Users to Malicious Sites
Microsoft warns that AI chatbots may direct users to malicious websites as threat actors adapt social engineering. Users should verify links carefully.
AI-Powered Cloud Attacks Outpace Security Defenses
Businesses recognize the threat of AI-driven cloud attacks but lack the infrastructure to respond at machine speed.
ChatGPT Mac App Vulnerability Patched After Security Flaw Found
A security flaw in the ChatGPT Mac app could have exposed conversations. OpenAI says no data was accessed and the issue is now fixed.
Overprivileged AI Agents Expose Banking Systems to New Attacks
Financial firms face mounting security risks as AI agents access excessive data and systems. Overprivileged permissions create compliance vulnerabilities and trust issues across banking.