attack

Low-skilled attacker used Claude, Codex to breach 14 companies

agentic AI, attack, attack tools, Claude Code, cybersecurity, Don't miss, Hot stuff, LLMs, News, research /

Low-skilled attacker used Claude, Codex to breach 14 companies 2026-06-17 at 18:43 By Zeljka Zorz Researchers have long warned that AI agents could lower the skill floor for offensive cyber operations, and a recent report by OALABS (Open Analysis) researchers bears that out. After recovering and analyzing over 1,000 agent sessions from a compromised server […]

Low-skilled attacker used Claude, Codex to breach 14 companies Read More »

When attacks spread too far: Lessons from real cyber attack case studies

attack, cybersecurity, Illumio, News, strategy, threats, tips, Video /

When attacks spread too far: Lessons from real cyber attack case studies 2026-06-08 at 13:09 By Help Net Security In this Help Net Security video, Michael Adjei, Director, Systems Engineering at Illumio, explains three real world cyber attacks and what went wrong during detection. Adjei walks through a collaboration tool scam that copied Microsoft Teams,

When attacks spread too far: Lessons from real cyber attack case studies Read More »

Thieves can pull off keyless car theft in under a minute and here’s how to stop them

attack, authentication, Bluetooth, car, car hacking, Don't miss, EU, Europe, Germany, GPS, hardware, News, threats /

Thieves can pull off keyless car theft in under a minute and here’s how to stop them 2026-06-05 at 09:24 By Mirko Zorz A keyless car can be stolen in under a minute. Two people, a pair of cheap radio amplifiers, and a fob sitting on a hallway table inside the house. That is enough.

Thieves can pull off keyless car theft in under a minute and here’s how to stop them Read More »

Brute-force attack triggers Dashlane account lockouts

attack, brute-force, cyberattack, Dashlane, News, password manager /

Brute-force attack triggers Dashlane account lockouts 2026-06-01 at 16:49 By Sinisa Markovic Password manager Dashlane has confirmed that a brute-force attack targeting user accounts triggered temporary account suspensions and authentication issues. The company first acknowledged the incident on May 31 after users reported receiving account suspension emails and experiencing login problems. “Your account has been

Brute-force attack triggers Dashlane account lockouts Read More »

Websites can spy on user activity by analyzing SSD behavior

attack, browser, News, research /

Websites can spy on user activity by analyzing SSD behavior 2026-05-29 at 14:08 By Sinisa Markovic Websites have spent years collecting information about visitors through browser fingerprinting, tracking scripts, and other techniques designed to identify devices and monitor behavior. Researchers have demonstrated another method that relies on something most users would never expect a website

Websites can spy on user activity by analyzing SSD behavior Read More »

Google researchers uncover criminal zero-day exploit likely built with AI

0-day, AI, APT, attack, cybercrime, cybersecurity, Don't miss, exploit, Google, Google Cloud, Hot stuff, Mandiant, News, report, Russian Federation, threats /

Google researchers uncover criminal zero-day exploit likely built with AI 2026-05-11 at 16:48 By Mirko Zorz Google’s threat intelligence researchers have linked a zero-day exploit to AI-assisted development by a criminal group. The exploit targeted a popular open-source web-based system administration tool. It allowed attackers to bypass two-factor authentication once they had valid user credentials.

Google researchers uncover criminal zero-day exploit likely built with AI Read More »

North Korean hackers trojanize gaming platform to spy on ethnic Koreans in China

attack, cybercrime, ESET, Malware, News, North Korea, online gaming, supply chain attacks, threats /

North Korean hackers trojanize gaming platform to spy on ethnic Koreans in China 2026-05-05 at 13:21 By Sinisa Markovic A gaming platform built for ethnic Koreans in China has been serving backdoored Windows and Android software to its users since late 2024. The platform, sqgame[.]net, hosts traditional card and board games for a community that

North Korean hackers trojanize gaming platform to spy on ethnic Koreans in China Read More »

Apple Intelligence flaw kept stolen tokens reusable on another device

AI, apple, attack, macOS, News, research /

Apple Intelligence flaw kept stolen tokens reusable on another device 2026-04-22 at 10:09 By Sinisa Markovic Apple claims that Apple Intelligence, a GenAI service provided on its operating systems, is designed with an extra focus on user security and privacy through a two-stage authentication and authorization system using anonymous access tokens. However, researchers from The

Apple Intelligence flaw kept stolen tokens reusable on another device Read More »

Many networking devices are still vulnerable to pixie dust attack

attack, consumer, Don't miss, Features, firmware, legacy technology, News, SMBs, TP-LINK, vulnerability, wireless /

Many networking devices are still vulnerable to pixie dust attack 2025-09-17 at 18:22 By Zeljka Zorz Despite having been discovered and reported in 2014, the vulnerability that allows pixie dust attacks still impacts consumer and SOHO networking equipment around the world, Netrise researchers have confirmed. WPS and the pixie dust attack Wi-Fi Protected Setup (WPS)

Many networking devices are still vulnerable to pixie dust attack Read More »

Starbucks, grocery stores impacted by Blue Yonder ransomware attack

attack, cybercrime, News, Ransomware /

Starbucks, grocery stores impacted by Blue Yonder ransomware attack 2024-11-26 at 16:15 By Mirko Zorz Supply chain management SaaS vendor Blue Yonder announced on November 21 that it experienced a ransomware attack that impacted its managed services hosted environment. “Since learning of the incident, the Blue Yonder team has been working diligently together with external

Starbucks, grocery stores impacted by Blue Yonder ransomware attack Read More »

CISOs’ strategies for managing a growing attack surface

attack, CISO, Compliance, cybersecurity, Detectify, digital transformation, Don't miss, Features, Hot stuff, News, opinion, regulation /

CISOs’ strategies for managing a growing attack surface 2024-10-14 at 07:03 By Mirko Zorz In this Help Net Security interview, Rickard Carlsson, CEO at Detectify, discusses the evolution of attack surface management in the context of remote work and digital transformation. Carlsson highlights the challenges CISOs face today, including maintaining visibility and managing compliance in

CISOs’ strategies for managing a growing attack surface Read More »

“Perfect” Windows downgrade attack turns fixed vulnerabilities into zero-days

0-day, attack, Don't miss, Hot stuff, News, research, SafeBreach, vulnerability, Windows, Windows Server /

“Perfect” Windows downgrade attack turns fixed vulnerabilities into zero-days 2024-08-08 at 13:01 By Zeljka Zorz A researcher has developed a downgrade attack that can make Windows machines covertly, persistently and irreversibly vulnerable, even if they were fully patched before that. A downgrade attack exploiting the Windows Update process The direction of SafeBreach researcher Alon Leviev’s

“Perfect” Windows downgrade attack turns fixed vulnerabilities into zero-days Read More »

Omni Hotels suffer prolonged IT outage due to cyberattack

attack, Closed Door Security, cyberattack, cybercrime, Don't miss, hospitality industry, Hot stuff, News, USA /

Omni Hotels suffer prolonged IT outage due to cyberattack 2024-04-04 at 17:32 By Zeljka Zorz Texas-based Omni Hotels & Resorts has been responding to a cyberattack that started last Friday, which resulted in the unavailability of many of its IT systems. According to people staying at some of the 50 properties the company operates across

Omni Hotels suffer prolonged IT outage due to cyberattack Read More »

Prisma Finance says $540K still at risk, hacker demands team reveal themselves

attack, exploit, Loan, Onchain Message, Onchain Proposal, Prisma Finance, Smart Contract Vulnerability, Trove /

Prisma Finance says $540K still at risk, hacker demands team reveal themselves 2024-04-01 at 05:02 By Cointelegraph by Brayden Lindrea The decentralized borrowing protocol said there were still 14 accounts that have yet to revoke the affected smart contract that caused $11.6 million to be exploited last week. This article is an excerpt from Cointelegraph.com

Prisma Finance says $540K still at risk, hacker demands team reveal themselves Read More »

Escalating cyber threats: Bots, fraud farms, and cryptojacking surge, urgently requiring attention

Abnormal Security, Aqua Security, Arkose Labs, Armis, attack, cybersecurity, Don't miss, Hornetsecurity, Imperva, Netwrix, News, Orange Cyberdefense, report, SonicWall, SpyCloud, survey, WatchGuard /

Escalating cyber threats: Bots, fraud farms, and cryptojacking surge, urgently requiring attention 2024-01-05 at 06:32 By Help Net Security The motivations behind cyberattacks are as diverse as the methods employed. Whether driven by financial gain, political agendas, or sheer malice, cybercriminals exploit weaknesses in cybersecurity defenses, seeking entry points to compromise sensitive data, disrupt critical

Escalating cyber threats: Bots, fraud farms, and cryptojacking surge, urgently requiring attention Read More »

Researchers automated jailbreaking of LLMs with other LLMs

Artificial Intelligence, attack, Don't miss, Hot stuff, machine learning, News, research, Robust Intelligence, Yale University /

Researchers automated jailbreaking of LLMs with other LLMs 07/12/2023 at 13:47 By Zeljka Zorz AI security researchers from Robust Intelligence and Yale University have designed a machine learning technique that can speedily jailbreak large language models (LLMs) in an automated fashion. “The method, known as the Tree of Attacks with Pruning (TAP), can be used

Researchers automated jailbreaking of LLMs with other LLMs Read More »

Transforming cybersecurity from reactive to proactive with attack path analysis

attack, Cloud, cybercriminals, cybersecurity, Don't miss, Hot stuff, risk, Skybox Security, Video /

Transforming cybersecurity from reactive to proactive with attack path analysis 17/11/2023 at 08:03 By Help Net Security An attack path is important to prioritize potential risks in cloud environments. The attack path offers the ability to look at cloud environments from the attacker’s perspective. With today’s general awareness and concerted effort toward cybersecurity, cybercriminals rarely

Transforming cybersecurity from reactive to proactive with attack path analysis Read More »

Why legacy system patching can’t wait

attack, Compliance, cybersecurity, Don't miss, Hot stuff, legacy technology, patching, resilience, software, TuxCare, Video /

Why legacy system patching can’t wait 02/11/2023 at 07:32 By Help Net Security The persistent neglect of patching legacy systems is plaguing critical infrastructure and industries. The consequences of such neglect can be damaging to organizations, ranging from costly security vulnerabilities to compliance risk and operational inefficiencies. Thus, the question remains: why is the process

Why legacy system patching can’t wait Read More »

Apple news: iLeakage attack, MAC address leakage bug

apple, attack, data theft, Don't miss, Hot stuff, iOS, iPad, macOS, Mysk, News, Privacy, research, vulnerability /

Apple news: iLeakage attack, MAC address leakage bug 27/10/2023 at 12:31 By Zeljka Zorz On Wednesday, Apple released security updates for all supported branches of iOS and iPadOS, macOS, tvOS, watchOS and Safari. This time around, the updates did not garner as much attention as when they deliver a zero-day fix, though it has to

Apple news: iLeakage attack, MAC address leakage bug Read More »

“Disappearing” implants, followed by first fixes for exploited Cisco IOS XE zero-day

0-day, attack, backdoor, Cisco, Don't miss, Hot stuff, News, Orange Cyberdefense, security update /

“Disappearing” implants, followed by first fixes for exploited Cisco IOS XE zero-day 23/10/2023 at 13:04 By Zeljka Zorz Cisco has released the first fixes for the IOS XE zero-day (CVE-2023-20198) exploited by attackers to ultimately deliver a malicious implant. The fixes were made available on Sunday, but a curious thing happened the day before: several

“Disappearing” implants, followed by first fixes for exploited Cisco IOS XE zero-day Read More »

Scroll to Top