News

Critical flaw ForcedLeak in Salesforce’s AgentForce allows CRM data theft via prompt injection

The security researchers who discovered the malicious npm package called it the “first malicious MCP in the wild”

Vietnamese phishing campaign evolves from Python infostealer to PureRAT trojan

The hackers are likely trying to collect data to feed the development of zero-day exploits, said Google researchers

The UK retailer estimated the losses from temporarily shutting down some of its systems to contain the threat

SecurityScorecard report finds 53% of Indian vendors suffered third-party breaches in the past year

The UK’s National Crime Agency has arrested a suspect in connection with a ransomware attack on Collins Aerospace

This site turns your URL into something sketchy-looking.

For example, www.schneier.com becomes
https://cheap-bitcoin.online/firewall-snatcher/cipher-injector/phishing_sniffer_tool.html?form=inject&host=spoof&id=bb1bc121&parameter=inject&payload=%28function%28%29%7B+return+%27+hi+%27.trim%28%29%3B+%7D%29%28%29%3B&port=spoof.

Found on Boing Boing.

Malicious npm package Fezbox uses QR codes to steal credentials from browser cookies

New campaign merges traditional malware with DevOps tools, using GitHub CodeSpaces for DDoS attacks