How Attackers Poison AI Tools and Defenses
Threat actors are increasingly poisoning AI tools and assistants embedding dangerous prompts or corrupting the data they rely on to turn defenses against organizations.
How Attackers Poison AI Tools and Defenses
Threat actors are increasingly poisoning AI tools and assistants embedding dangerous prompts or corrupting the data they rely on to turn defenses against organizations.
Qualcomm’s Guardian Could Rival Intel vPro But Always-On Connectivity Raises Risks
Qualcomm’s Guardian aims to rival Intel vPro with always-on device control via built-in cellular connectivity, but the tradeoff may threaten privacy and trust.
Cybersecurity Newsletter Weekly, Chrome 0-Day, 22.2 Tbps DDoS Attack & More
A rapid cascade of cyber events Chrome zero-day, a record DDoS, Cisco IOS exploit, and Kali Linux upgrade highlight how threat activity keeps accelerating.
Trump Demands Microsoft Fire Global Affairs Chief Lisa Monaco Over Security Concerns
Trump urged Microsoft to fire Lisa Monaco, its head of global affairs, raising concerns over her revoked security clearance and history in DOJ investigations.
Apple Devices Vulnerable to ASLR Bypass Through JSON Serialization Trick
Google’s Project Zero team uncovered a method to bypass ASLR on Apple devices by exploiting NSDictionary’s JSON serialization behavior, potentially weakening memory protections.
Harrods Warns Customers of Data Breach Involving Third-Party Provider
Harrods informed loyalty program members of a data breach tied to a third-party provider. The luxury retailer is investigating and urging customer caution.
PlugX and Bookworm Deployed via DLL Side‑Loading in Targeted Cyber Espionage Campaign
A sophisticated cyber campaign used DLL side‑loading to deliver a hybrid PlugX variant and the Bookworm backdoor to telecom and ASEAN networks, revealing renewed tactics by China‑linked threat actors.
Weaponized “Microsoft Teams” Installer Delivers Oyster Backdoor via Poisoned Search Results
A targeted malvertising campaign redirected users from Bing to a fake Teams download site, where a signed MSTeamsSetup.exe installed the Oyster backdoor — blocked just in time by Microsoft Defender ASR.
LAMEHUG Malware Uses AI to Generate Commands and Steal Data
The new LAMEHUG malware uses AI models from Hugging Face to generate Windows commands dynamically. It spreads through phishing, disguises itself as AI apps, and steals system data, documents, and credentials while adapting to different environments.
New XCSSET macOS Malware Variant Targets Firefox with Clipper Module
A new XCSSET malware variant for macOS introduces a clipboard hijacker to steal cryptocurrency and expands to Firefox browser data theft. Security researchers warn developers to inspect Xcode projects and apply strong defenses against this evolving threat.
