security Archives - Page 14 of 27

ChatGPT browsing window with a blurred results pane, a visible MFA prompt, and a warning about “q=” links and allowlisted redirects

ChatGPT Data Leaks: Seven New Prompt Injection Paths and Real

yohanmanuja2 months ago2 months ago16 mins

Seven fresh techniques let attackers leak ChatGPT data through everyday workflows: poisoned search, “q=” one-click links, allowlisted ad redirects, conversation injection, markdown hiding, and memory poisoning. Because exposure rides on normal browsing and memory behavior, prevention requires policy plus proof: sanitize URLs, block bing.com/ck/a, disable Saved Memory for high-risk roles, and validate controls continuously with OWASP LLM Top 10 and MITRE ATLAS as your benchmarks.

Iran-aligned phishing campaign targeting US policy experts via prefilled Microsoft 365 portals and RMM persistence

Iran-Linked Phishing Hits US Policy Experts with M365 and RMM

yohanmanuja2 months ago2 months ago14 mins

Iran-aligned operators ran a precise phishing campaign against US policy experts. They impersonated scholars, redirected victims to prefilled Microsoft 365 pages, and, when blocked, installed remote-access tools. The goal: long-term visibility into policy drafts, research, and contacts—achieved through identity abuse, inbox rules, and pragmatic persistence.

Signed RMM installers let attackers enroll logistics endpoints and hijack dispatch workflows to steal cargo

Cyber Gangs Use RMM to Hijack Freight Loads

yohanmanuja2 months ago2 months ago04 mins

Criminal crews deploy legitimate RMM tools inside carriers and brokers, then hijack booking and dispatch to steal real freight. This body explains how access lands, which artifacts reveal the intrusion, and what controls stop RMM-driven cargo theft without breaking logistics operations or delaying shipments.

TruffleNet attack flow from stolen AWS keys to Amazon SES abuse and BEC

TruffleNet: Stolen AWS Keys, SES Abuse, BEC Defense

yohanmanuja2 months ago2 months ago05 mins

TruffleNet validates stolen AWS keys, profiles accounts, and abuses Amazon SES to run high-leverage BEC. Therefore, clamp down on access keys, isolate SES to a low-trust account, and alert on first-seen identity actions. Consequently, you deny validation, break pivots, and stop invoice fraud before it lands.

A conceptual image of a Microsoft 365 firewall blocking a malicious red email representing a BEC attack, while allowing safe emails to pass through, symbolizing effective security rules

Block BEC: 9 Microsoft 365 Rules That Actually Work

yohanmanuja2 months ago2 months ago06 mins

Business email compromise drains budgets with executive spoofing and invoice fraud. This practical Microsoft 365 guide shows nine rules that actually stop BEC: tuned anti-phish and impersonation, Safe Links and Safe Attachments, SPF/DKIM/DMARC, phishing-resistant MFA with Conditional Access, external sender tags, mailbox hygiene, attack simulation, and a short incident playbook.

SIM farm racks with dozens of active SIM boxes overlayed with a warning about SMS OTP risk and carrier detection gaps

Monitor for OTP burst patterns and SIM rotation fingerprints in logs

yohanmanuja2 months ago2 months ago14 mins

SIM farms expose how weak KYC and SMS OTP let fraud scale. Raids seized SIM boxes and tens of thousands of cards. Here’s how carriers and brands can actually fix it.

Windows bind filter abuse blinds Microsoft Defender EDR telemetry using EDR-Redir V2

EDR-Redir V2 Blinds Microsoft Defender on Windows 11

yohanmanuja2 months ago2 months ago04 mins

EDR-Redir V2 blinds Microsoft Defender by abusing Windows file-system filter drivers with bind links that redirect or corrupt EDR working paths. This practitioner’s guide explains the method, highlights reliable artifacts, and lists resilient mitigations so teams can validate exposure, restore telemetry, and protect Windows 11 fleets without breaking production.

Canadian prime minister and U.S. president face off over tariffs, with a Reagan quote on screen and a trade graph fading into the background

PM Apologizes to Trump after Reagan Anti-Tariff Spot

yohanmanuja2 months ago2 months ago04 mins

A Reagan-themed anti-tariff ad paused U.S.–Canada talks. Canada’s prime minister apologized to Trump, seeking to cool tempers, protect exporters, and restart negotiations.

Luxury Brand Impersonation Wave: 1,330 Domains

yohanmanuja2 months ago2 months ago05 mins

Researchers tracked 1,330 suspicious domains impersonating 23 luxury brands ahead of peak shopping. Prepare for activation waves with monitoring, takedowns, and buyer guidance.

Linux kernel use-after-free exploitation chain with rapid patching, reduced local attack surface, and SIEM detections

Linux Kernel UAF Attacks: Admin Playbook to Reduce Exposure

yohanmanuja2 months ago2 months ago45 mins

Attackers actively exploit a Linux kernel use-after-free. Patch quickly, reduce local attack surface, and verify coverage with high-signal detections and a weekly baseline review.

TeamViewer DEX Vulnerabilities Expose Enterprise Endpoint Risks

Trust Wallet Chrome Extension Hack Exposes Browser Wallet Risk

LangChain Core Vulnerability Highlights Risks in AI Frameworks

China-Linked Actors Abuse DNS in Advanced Espionage Malware

Parrot OS 7.0 Focuses on Reliable Penetration Testing Workflows

Stealth Malware Loaders and AI-Assisted Attacks Reshape

Tag: security

ChatGPT Data Leaks: Seven New Prompt Injection Paths and Real

Iran-Linked Phishing Hits US Policy Experts with M365 and RMM

Cyber Gangs Use RMM to Hijack Freight Loads

TruffleNet: Stolen AWS Keys, SES Abuse, BEC Defense

Block BEC: 9 Microsoft 365 Rules That Actually Work

Monitor for OTP burst patterns and SIM rotation fingerprints in logs

EDR-Redir V2 Blinds Microsoft Defender on Windows 11

PM Apologizes to Trump after Reagan Anti-Tariff Spot

Luxury Brand Impersonation Wave: 1,330 Domains

Linux Kernel UAF Attacks: Admin Playbook to Reduce Exposure