Checkmarx: Ongoing Supply Chain Attack Targets Security Tools, Exposes Sensitive Data

Checkmarx confirms data exposure linked to a supply chain attack, with Lapsus$ claiming responsibility for the breach.
Cybersecurity, vulnerabilities and privacy

A new report reveals a telecommunications fraud scheme utilizing fake CAPTCHA prompts to deceive users into incurring SMS charges, impacting individuals and telecom providers globally.

The U.S. Cybersecurity and Infrastructure Security Agency has identified four vulnerabilities affecting SimpleHelp, Samsung MagicINFO 9 Server, and D-Link routers, with a deadline for federal agencies to address them.

A previously unknown backdoor malware named Firestarter has been detected in a U.S. federal agency, prompting alerts across government and critical infrastructure sectors.

The FCC has clarified that its ban on foreign-manufactured routers now encompasses mobile hotspots and certain 5G devices, citing national security concerns.

A newly identified threat group is using social engineering tactics and custom malware to compromise organizations via Microsoft Teams, according to Google's Threat Intelligence Group.

Researchers have uncovered a previously undocumented malware, fast16, that predates Stuxnet and targets engineering software, raising questions about early cyber sabotage capabilities.

A new campaign attributed to the Tropic Trooper group employs a compromised version of SumatraPDF to deploy malware targeting Chinese-speaking individuals.

A set of 26 malicious applications, known as FakeWallet, has been found on the Apple App Store, designed to impersonate legitimate cryptocurrency wallets and steal sensitive user information.

The emergence of AI agents in enterprise environments has highlighted a critical gap in authority delegation, necessitating a reevaluation of identity governance.