î ‚Jul 21, 2025î „Ravie LakshmananThreat Intelligence / Authentication Cybersecurity researchers have uncovered a new attack method that allows threat actors to weaken Fast IDentity Online (FIDO) key protections by tricking users into approving authentication requests from fake company login portals. FIDO …
PoisonSeed Hackers Bypass FIDO Keys Using QR Phishing and Cross-Device Sign-In Abuse Read More »
î ‚Jul 20, 2025î „Ravie LakshmananZero-Day / Vulnerability A critical security vulnerability in Microsoft SharePoint Server has been weaponized as part of an “active, large-scale” exploitation campaign. The zero-day flaw, known as CVE-2025-53770 (CVSS score: 9.8), is a variant of CVE-2025-49706 (CVSS …
î ‚Jul 18, 2025î „Ravie LakshmananSurveillance / Mobile Security Cybersecurity experts have brought to light a mobile forensics tool known as Massistant utilized by law enforcement agencies in China to extract data from confiscated mobile devices. The tool, believed to be an …
î ‚Jul 18, 2025î „Ravie LakshmananBotnet / Network Security Google recently took legal action in New York federal court against 25 unidentified individuals or entities in China for allegedly operating the BADBOX 2.0 botnet and residential proxy infrastructure. The BADBOX 2.0 botnet …
Google Sues 25 Chinese Entities Over BADBOX 2.0 Botnet Affecting 10M Android Devices Read More »
The Taiwanese semiconductor industry has been targeted by spear-phishing campaigns carried out by three Chinese state-sponsored threat actors. “Targets of these campaigns ranged from organizations involved in the manufacturing, design, and testing of semiconductors and integrated circuits, wider equipment and …
î ‚Jul 15, 2025î „Ravie LakshmananMalware / Web Security The North Korean threat actors associated with the Contagious Interview campaign have recently released 67 new malicious packages on the npm registry, highlighting ongoing efforts to compromise the open-source ecosystem through software supply …
î ‚Jul 14, 2025î „Ravie LakshmananCybercrime / Law Enforcement India’s Central Bureau of Investigation (CBI) has announced that it has dismantled a transnational cybercrime syndicate involved in sophisticated tech support scams targeting citizens of Australia and the United Kingdom. The fraudulent scheme …
NVIDIA is advising customers to activate System-level Error Correction Codes (ECC) as a defense against a new form of RowHammer attack targeting its GPUs. The company stated that the risk of exploitation varies depending on various factors. The attacks, known …
New RowHammer Attack Variant Degrades AI Models on NVIDIA GPUs Read More »
Want smarter insights in your inbox? Sign up for our weekly newsletters to get only what matters to enterprise AI, data, and security leaders. Subscribe Now Moonshot AI, the Chinese artificial intelligence startup behind the popular Kimi chatbot, released an …
Moonshot AI’s Kimi K2 outperforms GPT-4 in key benchmarks — and it’s free Read More »
