Security Boulevard

Vercel Breach: How a Roblox Cheat Download Led to a $2M Data Heist Through AI Tool OAuth Abuse

Vercel breached after attacker compromised Context.ai, hijacked an employee's Google Workspace via OAuth, and accessed ...
SecurityWeek

Organizations Warned of Exploited Cisco, Kentico, Zimbra Vulnerabilities

CISA has added eight more vulnerabilities to the KEV catalog, including Cisco, Kentico, and Zimbra flaws not previously ...

PM warns Travelodge CEO to 'seriously engage' with MPs after 'appalling' hotel sex attack

Sir Keir Starmer's letter to Jo Boydell comes in response to a man being jailed for sexually assaulting a guest after staff gave him access to her room.
The Hacker News

GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs

GlassWorm uses a fake WakaTime VS Code extension to infect IDEs, deploy RATs, and steal data, prompting urgent credential ...
The TyeeOpinion

Governments Need to Ensure That MAID Safeguards Don’t Harm Individuals

A common assumption is that restricting eligibility reduces risk of premature access or errors in assessing cases. But for ...
Security Boulevard

This fake Windows support website delivers password-stealing malware

A convincing Microsoft lookalike tricks users into downloading malware that steals passwords, payments, and account access.

Hackers slipped a trojan into the code library behind most of the internet. Your team is probably affected

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a cross-platform RAT. Axios sits in 80% of cloud environments. Huntress confirmed ...

Google Chrome security flaw: Government flags bugs found in recent version; here's what you need to know and do

CERT-In flags multiple vulnerabilities in Google Chrome that could allow remote code execution and data theft, urging users ...
The Hacker News

Iran-Linked Hackers Disrupt U.S. Critical Infrastructure by Targeting Internet-Exposed PLCs

Iran-linked actors target U.S. PLCs using Dropbear and SSH access, disrupting OT systems across sectors and escalating cyber ...
LGBTQ Nation

A gay bar kicked out a wheelchair user as a “fire risk.” Her response forced the bar to make amends.

“You deserve to be able to go out,” she told other people with disabilities. “You don’t have to be afraid.” ...

OpenAI Confirms Security Incident—Mac Users Must Update All Apps Now

All macOS users must update their OpenAI apps, including ChatGPT, to the latest versions following a security incident, ...

How AI is changing the rules of cybersecurity

AI systems rely on massive datasets, complex models and decision-making that evolves. The attack surface isn’t just bigger, ...