Malware Hidden in AI Models on PyPI Targets Alibaba AI Labs Users

/in

ReversingLabs discovers new malware hidden inside AI/ML models on PyPI, targeting Alibaba AI Labs users. Learn how attackers…

Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – ​Read More

Is that extension safe? This free tool lets you know before you install

/in

Don’t install that unknown extension until you’ve checked out its reputation. Here’s how to do that.

Latest stories for ZDNET in Security – ​Read More

Why Take9 Won’t Improve Cybersecurity

/in

The latest cybersecurity awareness campaign asks users to pause for nine seconds before clicking — but this approach misplaces responsibility and ignores the real problems of system design.

darkreading – ​Read More

Estonia issues arrest warrant for Moroccan wanted for major pharmacy data breach

/in

Estonia said a man is suspected of unlawfully accessing a customer card database managed by Allium UPI, the parent company of the Apotheka pharmacy chain, in February 2024.

The Record from Recorded Future News – ​Read More

Data broker giant LexisNexis says breach exposed personal information of over 364,000 people

/in

The data collector said the stolen data includes Social Security numbers.

Security News | TechCrunch – ​Read More

Zscaler Announces Deal to Acquire Red Canary

/in

The August acquisition will bring together Red Canary’s extensive integration ecosystem with Zscaler’s cloud transaction data to deliver an AI-powered security operations platform.

darkreading – ​Read More

Google warns of Vietnam-based hackers using bogus AI video generators to spread malware

/in

Hackers likely based in Vietnam advertised websites offering AI-powered video generation tools, according to Google’s Mandiant unit, and then used the sites to spread infostealers and other malware.

The Record from Recorded Future News – ​Read More

New PumaBot Botnet Targets Linux IoT Devices to Steal SSH Credentials and Mine Crypto

/in

Embedded Linux-based Internet of Things (IoT) devices have become the target of a new botnet dubbed PumaBot.
Written in Go, the botnet is designed to conduct brute-force attacks against SSH instances to expand in size and scale and deliver additional malware to the infected hosts.
“Rather than scanning the internet, the malware retrieves a list of targets from a command-and-control (C2) server

The Hacker News – ​Read More

Mimo Hackers Exploit CVE-2025-32432 in Craft CMS to Deploy Cryptominer and Proxyware

/in

A financially motivated threat actor has been observed exploiting a recently disclosed remote code execution flaw affecting the Craft Content Management System (CMS) to deploy multiple payloads, including a cryptocurrency miner, a loader dubbed Mimo Loader, and residential proxyware.
The vulnerability in question is CVE-2025-32432, a maximum severity flaw in Craft CMS that was patched in

The Hacker News – ​Read More

OneDrive Gives Web Apps Full Read Access to All Files

/in

Security researchers warn that OneDrive’s file sharing tool may grant third-party web apps access to all your files—not just the one you choose to upload.

The post OneDrive Gives Web Apps Full Read Access to All Files appeared first on SecurityWeek.

SecurityWeek – ​Read More