have

This Week in Scams: Phony AI Ads, Apple Account Takeover Attempts, and a PlayStation Scam

AndyC 7 December 2025

For this week in scams, we have fake AI-generated shopping images that could spoil your holidays, scammers use an Apple...

Researchers Uncover 30+ Flaws in AI Coding Tools Enabling Data Theft and RCE Attacks

AndyC 7 December 2025

Dec 06, 2025Ravie LakshmananAI Security / Vulnerability Over 30 security vulnerabilities have been disclosed in various artificial intelligence (AI)-powered Integrated...

Weekly Update 481

AndyC 6 December 2025

05 December 2025 Twelve years (and one day) since launching Have I Been Pwned, it's now a service that Charlotte...

GoldFactory Hits Southeast Asia with Modified Banking Apps Driving 11,000+ Infections

AndyC 5 December 2025

Cybercriminals associated with a financially motivated group known as GoldFactory have been observed staging a fresh round of attacks targeting...

CISOs, CIOs and Boards: Bridging the Cybersecurity Confidence Gap

Sleepless in Security: What’s Actually Keeping CISOs Up at Night

AndyC 4 December 2025

When it comes to threats, today’s chief information security officers (CISOs) have their hands full. Between ransomware explosions, increasingly intricate...

Picklescan Bugs Allow Malicious PyTorch Models to Evade Scans and Execute Code

AndyC 4 December 2025

Dec 03, 2025Ravie LakshmananMachine Learning / Vulnerability Three critical security flaws have been disclosed in an open-source utility called Picklescan...

Malicious Rust Crate Delivers OS-Specific Malware to Web3 Developer Systems

AndyC 4 December 2025

Dec 03, 2025Ravie LakshmananMalware / Web3 Security Cybersecurity researchers have discovered a malicious Rust package that's capable of targeting Windows,...

MuddyWater: Snakes by the riverbank

AndyC 3 December 2025

ESET researchers have identified new MuddyWater activity primarily targeting organizations in Israel, with one confirmed target in Egypt. MuddyWater, also...

Malicious npm Package Uses Hidden Prompt and Script to Evade AI Security Tools

AndyC 3 December 2025

Dec 02, 2025Ravie LakshmananAI Security / Software Supply Chain Cybersecurity researchers have disclosed details of an npm package that attempts...

Weekly Update 480

AndyC 1 December 2025

01 December 2025 Well, I now have the answer to how Snapchat does age verification for under-16s: they give an...

We have achieved FreeBSD 15.0-REL with KDE Plasma

AndyC 29 November 2025

Houston, we have installed #FreeBSD 15.0-REL with KDE Plasma 6.4.5 on a Lenovo ThinkPad X1 Carbon Gen 6 laptop. I...

Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages

AndyC 29 November 2025

Nov 28, 2025Ravie LakshmananMalware / Vulnerability Cybersecurity researchers have discovered vulnerable code in legacy Python packages that could potentially pave...

MS Teams Guest Access Can Remove Defender Protection When Users Join External Tenants

AndyC 29 November 2025

Nov 28, 2025Ravie LakshmananEmail Security / Enterprise Security Cybersecurity researchers have shed light on a cross-tenant blind spot that allows...

OpenAI data may have been exposed after a cyberattack on analytics firm Mixpanel

AndyC 28 November 2025

OpenAI data may have been exposed after a cyberattack on analytics firm Mixpanel Pierluigi Paganini November 27, 2025 OpenAI warns...

ThreatsDay Bulletin: AI Malware, Voice Bot Flaws, Crypto Laundering, IoT Attacks — and 20 More Stories

AndyC 28 November 2025

Nov 27, 2025Ravie LakshmananCybersecurity / Hacking News Hackers have been busy again this week. From fake voice calls and AI-powered...

have

This Week in Scams: Phony AI Ads, Apple Account Takeover Attempts, and a PlayStation Scam

Researchers Uncover 30+ Flaws in AI Coding Tools Enabling Data Theft and RCE Attacks

Weekly Update 481

Picklescan Bugs Allow Malicious PyTorch Models to Evade Scans and Execute Code

Malicious Rust Crate Delivers OS-Specific Malware to Web3 Developer Systems

Malicious npm Package Uses Hidden Prompt and Script to Evade AI Security Tools

Weekly Update 480

We have achieved FreeBSD 15.0-REL with KDE Plasma

Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages

MS Teams Guest Access Can Remove Defender Protection When Users Join External Tenants

OpenAI data may have been exposed after a cyberattack on analytics firm Mixpanel

ThreatsDay Bulletin: AI Malware, Voice Bot Flaws, Crypto Laundering, IoT Attacks — and 20 More Stories

A brush with online fraud: What are brushing scams and how do I stay safe?

Revisiting CVE-2025-50165: A critical flaw in Windows Imaging Component

LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan

ESET Threat Report H2 2025

Black Hat Europe 2025: Was that device designed to be on the internet at all?

Black Hat Europe 2025: Was that device designed to be on the internet at all?

Donate Bitcoin to this address

Donate Ethereum to this address

Are current PAM solutions capable of handling NHIs

LangChain core vulnerability allows prompt injection and data exposure

Inside the Biggest Cyber Attacks of 2025

NPM package with 56,000 downloads compromises WhatsApp accounts

New MongoDB Flaw Lets Unauthenticated Attackers Read Uninitialized Memory

Donate Bitcoin to this address

Donate Ethereum to this address

You may have missed