‘Haozi’ Gang Sells Turnkey Phishing Tools to Amateurs

/in

The phishing operation is using Telegram groups to sell a phishing-as-a-service kit with customer service, a mascot, and infrastructure that requires little technical knowledge to install.

darkreading – ​Read More

Beyond GenAI: Why Agentic AI Was the Real Conversation at RSA 2025

/in

Agentic AI can be a great tool for many of the ‘gray area’ tasks that SOC analysts undertake.

The post Beyond GenAI: Why Agentic AI Was the Real Conversation at RSA 2025 appeared first on SecurityWeek.

SecurityWeek – ​Read More

Chinese APT41 Exploits Google Calendar for Malware Command-and-Control Operations

/in

Google on Wednesday disclosed that the Chinese state-sponsored threat actor known as APT41 leveraged a malware called TOUGHPROGRESS that uses Google Calendar for command-and-control (C2).
The tech giant, which discovered the activity in late October 2024, said the malware was hosted on a compromised government website and was used to target multiple other government entities.
“Misuse of cloud

The Hacker News – ​Read More

Over 100,000 WordPress Sites at Risk from Critical CVSS 10.0 Vulnerability in Wishlist Plugin

/in

Cybersecurity researchers have disclosed a critical unpatched security flaw impacting TI WooCommerce Wishlist plugin for WordPress that could be exploited by unauthenticated attackers to upload arbitrary files.
TI WooCommerce Wishlist, which has over 100,000 active installations, is a tool to allow e-commerce site customers to save their favorite products for later and share the lists on social

The Hacker News – ​Read More

DanaBot takedown shows how agentic AI cut months of SOC analysis to weeks

/in

Agentic AI: Empowering SOC Analysts to Decisively Defeat Cyber Threats

Agentic AI played a decisive role in dismantling DanaBot, a Russian malware platform responsible for more than 50 million dollars in damages.Read More

Security News | VentureBeat – ​Read More

OneDrive File Picker Flaw Gives Apps Full Access to User Drives

/in

A recent investigation by cybersecurity researchers at Oasis Security has revealed a data overreach in how Microsoft’s OneDrive…

Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – ​Read More

Security startup Horizon3.ai is raising $100M in new round

/in

Horizon3.ai, a cybersecurity startup that provides tools like autonomous penetration testing, is seeking to raise $100 million in a new funding round and has locked down at least $73 million, the company revealed in an SEC filing this week. NEA led the round, according to two people familiar with the deal. One person said that […]

Security News | TechCrunch – ​Read More

Hundreds of Web Apps Have Full Access to Microsoft OneDrive Files

/in

Researchers at Oasis Security say the problem has to do with OneDrive File Picker having overly broad permissions.

darkreading – ​Read More

Victoria’s Secret hit by outages as it battles security incident

/in

The fashion retailer’s outages began Monday.

Security News | TechCrunch – ​Read More

Microsoft Entra Design Lets Guest Users Gain Azure Control, Researchers Say

/in

Researchers reveal how guest accounts with billing roles can create Azure subscriptions inside external tenants, gaining unexpected Owner access and opening hidden privilege risks.

Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – ​Read More