Live events giant Legends International has started notifying some employees and customers that their personal information was compromised as a result of a cyberattack. Legends International provides food, beverage, merchandise, retail, and venue operations services for sporting, entertainment and other live events. The company is based in New York and has offices in several major US and European cities. READ MORE...
Cheap android smartphones from Chinese manufacturers are carrying malware-ridden applications that imitate WhatsApp and Telegram and come preloaded on the devices. The Trojanized apps masquerade as their legitimate counterparts and contain functionality designed to steal cryptocurrency via clipping. The clippers copy wallet addresses before swapping it with the attacker's own. READ MORE...
Apple has released a security update for iOS and iPadOS to patch two zero-day vulnerabilities which are reported to already have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS. Both vulnerabilities allowed an attacker to bypass the memory protections that would normally stop someone from running malicious code. Reportedly, attackers used them with another unpatched vulnerability or malicious app. READ MORE...
Chinese-speaking IronHusky hackers are targeting Russian and Mongolian government organizations using upgraded MysterySnail remote access trojan (RAT) malware. Security researchers at Kaspersky's Global Research and Analysis Team (GReAT) spotted the updated implant while investigating recent attacks where the attackers deployed the RAT malware using a malicious MMC script camouflaged as a Word document, which downloaded second-stage payloads and gained persistence on compromised systems. READ MORE...
Rise in accessible AI tools significantly lowered the barrier to entry for cyber attackers, enabling them to create and deploy malicious bots at scale, according to Thales. Automated bot traffic surpassed human-generated traffic for the first time in a decade, constituting 51% of all web traffic in 2024. This shift is largely attributed to the rise of AI and LLMs, which have simplified the creation and scaling of bots for malicious purposes. READ MORE...
The craze around generative AI tools isn't just reshaping industries - it also provides fertile ground for cybercriminals, who are always quick to piggyback on the allure of the latest big thing in tech. So what if, instead of downloading an AI-generated video from CapCut or another similar tool, you had your data stolen or gave control of your computer to a stranger? The threat is real - security researchers have previously observed malware campaigns that exploited CapCut's popularity. READ MORE...
The splintering of the global system for identifying and tracking security bugs in technology products has begun. Earlier this week, the widely used Common Vulnerabilities and Exposures (CVE) program faced doom as the US government discontinued funding for MITRE, the non-profit that operates the program. Uncle Sam U-turned at the very last minute, and promised another 11 months of cash to keep the program going. Meanwhile, the EU is rolling its own. READ MORE...
AHouse panel has concluded that the U.S. government should double down on export controls and other tools to slow down the progress of Chinese AI companies like DeepSeek, while also preparing for a future where those efforts fail. In a report released Wednesday, the House Select Committee on the Chinese Communist Party further fleshes out the financial and technological resources that went into building DeepSeek's R1 reasoning model, as well as its potential risks. READ MORE...
Cisco has released security updates for a high-severity Webex vulnerability that allows unauthenticated attackers to gain client-side remote code execution using malicious meeting invite links. Tracked as CVE-2025-20236, this security flaw was found in the Webex custom URL parser and can be exploited by tricking users into downloading arbitrary files, which lets threat actors execute arbitrary commands on systems running unpatched software in low complexity attacks. READ MORE...