Overview: Recent reporting has identified a trojanized version of the CPUID HWMonitor installer being used to deliver a multi-stage, fileless malware chain leveraging trusted Windows binaries. Upon...
While much of the discussion on AI security centers around protecting ‘shadow’ AI and GenAI consumption, there's a wide-open window nobody's guarding: AI browser extensions. A new report from...
In this episode of The Talos Threat Perspective, we discuss how vulnerability exploitation is accelerating, and why attacker speed, AI, and exposed systems are affecting the patch window.
Anthropic's new model can autonomously discover zero-days and develop working exploits. While access is currently limited to responsible actors, now is the time to strengthen response playbooks,...
One of the most vivid lessons from my Public Buildings Service career came from a building manager responsible for a federal courthouse in downtown New Orleans during Hurricane Katrina. As...
The Treasury Department said Thursday it will begin sharing cyber threat intelligence with cryptocurrency firms following a string of incidents in which hackers siphoned off millions of dollars in...
A new threat group is targeting business process outsourcers (BPOs) and large enterprises for extortion using live chat channels, Google has warned. Google Threat Intelligence Group (GTIG)...
Last week, the family of one of two victims in the attack announced it plans to sue OpenAI because the gunman allegedly constantly communicated with ChatGPT in the days leading to the shootings.
The recent FBI-led operation to knock Russian government hackers off routers sought to topple an especially insidious and threateningly contagious cyberespionage campaign, top bureau cyber...
According to blockchain sleuth ZachXBT, threat actors are leaving an opportunity on the table by not targeting low-tier DPRK groups. “The risk of repercussions is low, competition is minimal, and...
For a long time, the Iranian government has treated free internet access as a privilege that is extended by the state to those willing to carry its message and withheld from everyone else. Around...
No matter what becomes of the Iran war ceasefire, another form of warfare waged by Tehran against the United States is almost certain to continue: cyberattacks on the water supply. The U.S....
The fallout and potential exposure from Iran’s state-backed targeting of U.S. critical infrastructure extends to more than 5,200 internet-connected devices, researchers at Censys said in a threat...
New research from Comparitech underscores how exposed ICS (industrial control systems) continue to present a tangible risk to critical infrastructure, with 179 internet-facing ICS devices...
Researchers from RSAC have found a way to bypass the safety protocols of Apple’s Intelligence AI with a high success rate. Apple Intelligence is a deeply integrated personal intelligence system...
Google has made Device Bound Session Credentials (DBSC) generally available to all Windows users of its Chrome web browser, months after it began testing the security feature in open beta. The...
While the world’s attention has been elsewhere, Beijing appears to be quietly weaponizing critical infrastructure across the South Pacific. Under the guise of commercial development, Chinese...
Google Chrome security advisory (AV26-337)
A critical security vulnerability in Marimo, an open-source Python notebook for data science and analysis, has been exploited within 10 hours of public disclosure, according to findings from...
A Russian attack submarine and vessels from the country’s Main Directorate of Deep Sea Research (GUGI) were involved in what the UK Ministry of Defence called “nefarious activity over critical...
FBI disrupts GRU router hijacking operation, ClickFix sidesteps Apple's Terminal mitigation, and Iranian actors exploit PLCs across U.S. infrastructure.
The deadline for federal agencies to implement risk management practices for high-impact AI use cases — or terminate them — has come and gone, but a handful of departments are still working to...
Six-hour breach turned trusted links into a coin toss between legit tools and credential stealers. Visitors to the CPUID website were briefly exposed to malware this week after attackers hijacked...
Several nuclear power startups are balking at joining the industry’s voluntary regulatory body in what could become a major shakeup to plant safety oversight. The Institute of Nuclear Power...
The Central Intelligence Agency aims to integrate artificial intelligence-powered “coworkers” into analysts’ workflows in the coming years as part of an effort to rapidly adopt the emerging...
From the Baltic Sea to the Pacific Ocean, a global scramble is under way to protect submarine cables vulnerable to potential sabotage. Governments, militaries, cable owners and tech startups are...
Unknown threat actors have hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla to push a poisoned version containing a backdoor. The incident impacts Smart Slider...
The attack surface targeted by Iranian-linked hackers in cyberattacks against U.S. critical infrastructure networks includes thousands of Internet-exposed programmable logic controllers (PLCs)...
Just what FOSS developers need – a flood of AI-discovered vulnerabilities. Opinion: Anthropic describes Project Glasswing as a coalition of tech giants committing $100 million in AI resources to...
Posted by Jiacheng Lu, Software Engineer, Google Pixel Team. Google is continuously advancing the security of Pixel devices. We have been focusing on hardening the cellular baseband modem against...