How recruitment fraud turned cloud IAM into a $2 billion attack surface

Adversaries weaponized recruitment fraud to steal cloud credentials, pivot through IAM misconfigurations, and reach AI ...
CSO Online

Shai-Hulud & Co.: The software supply chain as Achilles’ heel

The threat situation in the software supply chain is intensifying. Securing it belongs at the top of the CISO’s agenda.
Microsoft

Infostealers without borders: macOS, Python stealers, and platform abuse

How modern infostealers target macOS systems, leverage Python‑based stealers, and abuse trusted platforms and utilities to ...
The Hacker News

⚡ Weekly Recap: Proxy Botnet, Office Zero-Day, MongoDB Ransoms, AI Hijacks & New Threats

This week’s cybersecurity recap highlights key attacks, zero-days, and patches to keep you informed and secure.
The Standard

KWS officers arrest three suspects, seize elephant tusks, wildlife skins

KWS officers have arrested three suspects and seized ten elephant tusks, three leopard skins, and three python skins during an operation in Lokichar targeting regional trafficking networks.

AI framework flaws put enterprise clouds at risk of takeover

Two "easy-to-exploit" vulnerabilities in the popular open-source AI framework Chainlit put major enterprises' cloud environments at risk of leaking data or even full takeover, according to ...
GameSpot

Marvel Rivals Developer Is Preparing To Crack Down On This New Exploit

GameSpot may get a commission from retail offers. Marvel Rivals introduced an upgrade to its hero proficiency system last week, allowing players to earn new rewards. Many of these rewards--including ...
Ars Technica

A single click mounted a covert, multistage attack against Copilot

Microsoft has fixed a vulnerability in its Copilot AI assistant that allowed hackers to pluck a host of sensitive user data with a single click on a legitimate URL. The hackers in this case were white ...
PC Gamer

Action RPG players will exploit anything in the name of efficiency, which is why Path of ...

Third Person Shooter I wish I wasn't missing out on new quests in Arc Raiders just because I'm not willing to grind the old ones every two months Third Person Shooter There's a huge Arc Raiders ...
Bleeping Computer

Latest Software Development Life Cycle news

Recent supply-chain breaches show how attackers exploit development tools, compromised credentials, and malicious NPM packages to infiltrate manufacturing and production environments. Acronis explains ...
Bleeping Computer

Why a secure software development life cycle is critical for manufacturers

For all the scary talk about cyberattacks from vendors and industry experts, relatively few attacks are actually devastating. But the Jaguar Land Rover (JLR) attack was. The JLR breach wasn’t some ...
GitHub

exploit-development

This repository is maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), AI security, ...