The threat actors behind the VexTrio Viper Traffic Distribution Service (TDS) have been linked to other TDS services like Help TDS and Disposable TDS, indicating that the sophisticated cybercriminal operation is a sprawling enterprise of its own that's designed to distribute malicious content."VexTrio is a group of malicious adtech companies that distribute scams and harmful software via
A string of threat-actor OpSec failures have yielded unexpected windfalls for security researchers and defenders.
Cybersecurity researchers have discovered a novel attack technique called TokenBreak that can be used to bypass a large language model's (LLM) safety and content moderation guardrails with just a single character change."The TokenBreak attack targets a text classification model's tokenization strategy to induce false negatives, leaving end targets vulnerable to attacks that the implemented
AI is changing everything — from how we code, to how we sell, to how we secure. But while most conversations focus on what AI can do, this one focuses on what AI can break — if you’re not paying attention.Behind every AI agent, chatbot, or automation script lies a growing number of non-human identities — API keys, service accounts, OAuth tokens — silently operating in the background.And here’s
A novel attack technique named EchoLeak has been characterized as a "zero-click" artificial intelligence (AI) vulnerability that allows bad actors to exfiltrate sensitive data from Microsoft 365 Copilot's context sans any user interaction.The critical-rated vulnerability has been assigned the CVE identifier CVE-2025-32711 (CVSS score: 9.3). It requires no customer action and has been already
Human identities management and control is pretty well done with its set of dedicated tools, frameworks, and best practices. This is a very different world when it comes to Non-human identities also referred to as machine identities. GitGuardian’s end-to-end NHI security platform is here to close the gap.Enterprises are Losing Track of Their Machine IdentitiesMachine identities–service
Trend Micro has released security updates to address multiple critical-severity remote code execution and authentication bypass vulnerabilities that impact its Apex Central and Endpoint Encryption (TMEE) PolicyServer products. [...]
<p>Citizen Lab publishes forensic proof that spyware maker Paragon can compromise up-to-date iPhones. Journalists in Europe among victims.</p><p>The post <a href="https://www.securityweek.com/paragon-graphite-spyware-linked-to-zero-click-hacks-on-newest-iphones/">Paragon ‘Graphite’ Spyware Linked to Zero-Click Hacks on Newest iPhones</a> appeared first on <a href="https://www.securityweek.com">SecurityWeek</a>.</p>
Google Cloud and Cloudflare are investigating ongoing outages impacting access to sites and various services across multiple regions. [...]
<p>AI-generated voice deepfakes have crossed the uncanny valley, fueling a surge in fraud that outpaces traditional security measures. Detection technology is racing to keep up.</p><p>The post <a href="https://www.securityweek.com/deepfakes-and-the-ai-battle-between-generation-and-detection/">The AI Arms Race: Deepfake Generation vs. Detection</a> appeared first on <a href="https://www.securityweek.com">SecurityWeek</a>.</p>
_Marek_Uliasz_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale)
To truly future-proof your cybersecurity approach, it's vital to ensure that your security program is flexible and adaptable to both current and future business demands.
Forensic investigation has confirmed the use of Paragon's Graphite spyware platform in zero-click attacks that targeted Apple iOS devices of at least two journalists in Europe. [...]
ConnectWise has disclosed that it's planning to rotate the digital code signing certificates used to sign ScreenConnect, ConnectWise Automate, and ConnectWise remote monitoring and management (RMM) executables due to security concerns.The company said it's doing so "due to concerns raised by a third-party researcher about how ScreenConnect handled certain configuration data in earlier versions.
<p>Hirundo tackles AI hallucinations and bias by making trained models “forget” poisoned, malicious, and confidential data.</p><p>The post <a href="https://www.securityweek.com/hirundo-raises-8-million-to-eliminate-ais-bad-behavior/">Hirundo Raises $8 Million to Eliminate AI’s Bad Behavior</a> appeared first on <a href="https://www.securityweek.com">SecurityWeek</a>.</p>
<p>The new attack technique uses smartwatches to capture ultrasonic covert communication in air-gapped environments and exfiltrate data.</p><p>The post <a href="https://www.securityweek.com/new-smartattack-steals-air-gapped-data-using-smartwatches/">New ‘SmartAttack’ Steals Air-Gapped Data Using Smartwatches</a> appeared first on <a href="https://www.securityweek.com">SecurityWeek</a>.</p>
Cybersecurity researchers have uncovered a new account takeover (ATO) campaign that leverages an open-source penetration testing framework called TeamFiltration to breach Microsoft Entra ID (formerly Azure Active Directory) user accounts.The activity, codenamed UNK_SneakyStrike by Proofpoint, has affected over 80,000 targeted user accounts across hundreds of organizations' cloud tenants since a
<p>Microsoft recently patched CVE-2025-32711, a vulnerability that could have been used for zero-click attacks to steal data from Copilot.</p><p>The post <a href="https://www.securityweek.com/echoleak-ai-attack-enabled-theft-of-sensitive-data-via-microsoft-365-copilot/">‘EchoLeak’ AI Attack Enabled Theft of Sensitive Data via Microsoft 365 Copilot</a> appeared first on <a href="https://www.securityweek.com">SecurityWeek</a>.</p>
<p>It’s time for enterprises to stop treating unmanaged devices as an edge case and start securing them as part of a unified Zero Trust strategy.</p><p>The post <a href="https://www.securityweek.com/the-ztna-blind-spot-why-unmanaged-devices-threaten-your-hybrid-workforce/">The ZTNA Blind Spot: Why Unmanaged Devices Threaten Your Hybrid Workforce</a> appeared first on <a href="https://www.securityweek.com">SecurityWeek</a>.</p>
<p>Between May 2024 and April 2025, Cloudflare blocked 109 billion malicious requests targeting organizations protected under Project Galileo.</p><p>The post <a href="https://www.securityweek.com/surge-in-cyberattacks-targeting-journalists-cloudflare/">Surge in Cyberattacks Targeting Journalists: Cloudflare</a> appeared first on <a href="https://www.securityweek.com">SecurityWeek</a>.</p>
Hackers have been using the TeamFiltration pentesting framework to target more than 80,000 Microsoft Entra ID accounts at hundreds of organizations worldwide. [...]