New AgingFly malware used in attacks on Ukraine govt, hospitals

A new malware family named 'AgingFly' has been identified in attacks against local governments and hospitals that steal ...
Dark Reading

EDR-Killer Ecosystem Expansion Requires Stronger BYOVD Defenses

Stopping EDR killers, which employ bring-your-own-vulnerable-driver (BYOVD) attack techniques, is difficult, but not ...
The Financial ExpressOpinion

From assistants to adversaries

The answer lies in the movement from the artisanal to the industrial. A human attacker, no matter how gifted, is a ...

Unpatched Microsoft Defender flaw lets hackers gain admin access

A security researcher has published a working exploit for a Microsoft Defender security flaw that affects Windows 10, 11, and ...
Crypto Briefing

Polkadot bridge exploited, attacker seizes admin control to mint and dump 1B DOT tokens

Polkadot bridge exploit sees 1B DOT minted and sold for $237K, highlighting vulnerabilities in cross-chain bridge security.
BeInCrypto

Bridged Polkadot Reportedly Hit by Exploit as Attacker Mints 1 Billion DOT Tokens

Attacker reportedly exploits a Hyperbridge gateway vulnerability to mint 1B bridged DOT on Ethereum, then dumps it for 108.2 ...

Hackers are abusing unpatched Windows security flaws to hack into organizations

A security researcher published details of three security vulnerabilities in Windows Defender, and the code used to exploit ...

60,000 WordPress sites at risk due to plugin security flaw

Hackers can now take over WordPress sites instantly using a simple plugin flaw ...

Recently leaked Windows zero-days now exploited in attacks

Threat actors are exploiting three recently disclosed Windows security vulnerabilities in attacks aimed at gaining SYSTEM or ...
Communications of the ACM

Subscription Bombing: Email under Attack

Email subscription bombing (also known as subscription flooding or email spam bombing) is an attack technique that overwhelms ...
CSO Online

RCE by design: MCP architectural choice haunts AI agent ecosystem

Unsafe defaults in MCP configurations open servers to possible remote code execution, according to security researchers who ...