The Dual-Use Dilemma of AI: Malicious LLMs

A fundamental challenge with large language models (LLMs) in a security context is that their greatest strengths as defensive tools are precisely what enable their offensive power. This issue is known as the dual-use dilemma, a concept typically applied to Read More …

US banks scramble to assess data theft after hackers breach financial tech firm

Several U.S. banking giants and mortgage lenders are reportedly scrambling to assess how much of their customers’ data was stolen during a cyberattack on a New York financial technology company earlier this month. SitusAMC, which provides technology for over a Read More …

From Extortion to E-commerce: How Ransomware Groups Turn Breaches into Bidding Wars

Ransomware has evolved from simple digital extortion into a structured, profit-driven criminal enterprise. Over time, it has led to the development of a complex ecosystem where stolen data is not only leveraged for ransom, but also sold to the highest Read More …

CISA orders feds to patch Oracle Identity Manager zero-day after signs of abuse

CISA has ordered US federal agencies to patch against an actively exploited Oracle Identity Manager (OIM) flaw within three weeks – a scramble made more urgent by evidence that attackers may have been abusing the bug months before a fix Read More …

CrowdStrike fires ‘suspicious insider’ who passed information to hackers

Cybersecurity giant CrowdStrike has confirmed firing a “suspicious insider” last month who allegedly fed information about the company to a notorious hacking group. A hacking collective known as Scattered Lapsus$ Hunters published screenshots late Thursday and Friday morning in a Read More …

WhatsApp security flaw lets experts scrape 3.5 billion user numbers

WhatsApp users may need to take extra steps to protect their account information following a potentially concerning discovery. A study by researchers at the University of Vienna revealed the app’s contact-discovery system enabled the collection of extensive WhatsApp user data Read More …

Google says hackers stole data from 200 companies following Gainsight breach

Google has confirmed that hackers have stolen the Salesforce-stored data of more than 200 companies in a large-scale supply chain hack. On Thursday, Salesforce disclosed a breach of “certain customers’ Salesforce data” — without naming affected companies — that was Read More …

European Union Agency for Cybersecurity (ENISA) becomes a Common Vulnerabilities and Exposures (CVE) Program-Root

As a Common Vulnerability and Exposure (CVE) Numbering Authority (CNA), ENISA is authorised to assign CVE Identifiers (CVE IDs) and to publish CVE Records for vulnerabilities discovered by or reported to EU CSIRTs, in line with their dedicated coordinator roles Read More …

Logitech Confirms Data Breach After Cl0p, Linked to Oracle E-Business Suite Exploits, Takes Responsibility

Hardware and software solutions company Logitech has disclosed a data breach that exposed employee, customer, and supplier information. “Logitech International S.A. (“Logitech”) recently experienced a cybersecurity incident relating to the exfiltration of data,” the company stated. Read more… Source: CPO Read More …

US, UK, and Australia sanction Russian ‘bulletproof’ web host used in ransomware attacks

The governments of the United States, United Kingdom, and Australia have sanctioned a Russian “bulletproof” web hosting company and several of its related firms for allegedly being used to launch ransomware attacks against U.S. victims and critical infrastructure. In a Read More …