Hackers found a way to weaponize CAPTCHA pages, and it's incredibly effective

A year of escalating social-engineering attacks has produced one of the most efficient infection chains observed to date. Known as ClickFix, this method requires only that ...

Security News This Week: A Major Leak Spills a Chinese Hacking Contractor’s Tools and Targets

Plus: State-sponsored AI hacking is here, Google hosts a CBP face recognition app, and more of the week’s top security news.

How a CPU spike led to uncovering a RansomHub ransomware attack

A sudden CPU spike turned out to be the first clue of an in-progress RansomHub ransomware attack. Varonis breaks down how ...

Fortinet FortiWeb flaw with public PoC exploited to create admin users

A Fortinet FortiWeb path traversal vulnerability is being actively exploited to create new administrative users on exposed ...
SecurityWeek

How TTP-based Defenses Outperform Traditional IoC Hunting

To fight ransomware, organizations must shift from chasing IoCs to detecting attacker behaviors — Tactics, Techniques, and ...
CSO Online

What CISOs need to know about new tools for securing MCP servers

As MCP servers become more popular, so do the risks. To address some of the risks many vendors have started to offer products ...

Alarming runC Flaws Enable Hackers To Exploit Docker Containers For Root Access

Security researchers have found several alarming security flaws in tooling used by containerization tool Docker that allows ...
CSO Online

Whisper Leak uses a side channel attack to eavesdrop on encrypted AI conversations

Encryption alone is no longer sufficient to protect privacy in LLM interactions, as metadata patterns can be exploited to ...

Hackers used booby-trapped images to spy on Samsung phones, no clicks required

For months, hackers conducted a quiet but highly advanced espionage campaign targeting select Samsung Galaxy users. The invasion used an exploit so sophisticated that it infected ...