The U.S. Congressional Budget Office (CBO) confirms it suffered a cybersecurity incident after a suspected foreign hacker breached its network, potentially exposing sensitive data. CBO spokesperson Caitlin Emma confirmed the "security incident" and said the agency acted quickly to contain it. "The [CBO] has identified the security incident, has taken immediate action to contain it, and has implemented additional monitoring and new security controls," Emma told BleepingComputer.
Attackers have taken the ClickFix technique further, with pages borrowing tricks from online sellers to pressure victims into performing the steps that will lead to a malware infection. Push Security has spotted one of these pages, showing an embedded tutorial video on how to perform the asked-for actions, a timer ostensibly counting down the seconds left to act, and a "users verified in the last hour" counter - all aimed at pressing users to act quickly, without thinking.
One of the world's most ruthless and advanced hacking groups, the Russian state-controlled Sandworm, launched a series of destructive cyberattacks in the country's ongoing war against neighboring Ukraine, researchers reported Thursday. In April, the group targeted a Ukrainian university with two wipers, a form of malware that aims to permanently destroy sensitive data and often the infrastructure storing it.
The Polish Computer Emergency Response Team (CERT Polska) analyzed a new Android-based malware that uses NFC technology to perform unauthorized ATM cash withdrawals and drain victims' bank accounts. Researchers found that the malware, called NGate, lets attackers withdraw cash from ATMs (Automated Teller Machines, or cash machines) using banking data exfiltrated from victims' phones - without ever physically stealing the cards.
Early on in 2025, I described how criminals used fake CAPTCHA sites and a clipboard hijacker to provide instructions for website visitors that would effectively infect their own machines with an information stealer known as the Lumma Stealer. ClickFix is the name researchers have since given to this type of campaign - one that uses the clipboard and fake CAPTCHA sites to trick users into running malicious commands themselves.
Generative artificial intelligence (GenAI) tools can produce entertaining content, aid in research, and advance user productivity. But the rapid emergence in the market of new tools such as the new audio and video generation model Sora 2, combined with a lack of regulations, contributes to a rise in disconcerting deepfake risks. OpenAI, the company behind the infamous ChatGPT, launched Sora 2 in September, an update built with "more advanced world simulation capabilities."
Cisco warned customers about another wave of attacks against its firewalls, which have been battered by intruders for at least six months. It also patched two critical bugs in its Unified Contact Center Express (UCCX) software that aren't under active exploitation - yet. The new attacks cause unpatched firewalls to continually reload, leading to denial-of-service conditions, and are the latest in a series of strikes against vulnerable devices that have been ongoing since May.
Tenable researchers recently discovered seven new ChatGPT vulnerabilities and attack techniques that can be exploited for data theft and other malicious purposes. The attack methods are related to several features. One of them is the 'bio' feature, also known as 'memories', which enables ChatGPT to remember the user's details and preferences across chat sessions. Another feature is the 'open_url' function, which is used by the AI model to access and render content from a specified website.
A vulnerability in the open source library Keras could allow attackers to load arbitrary local files or conduct server-side request forgery (SSRF) attacks. Providing a Python interface for artificial neural networks, Keras is a deep learning API that can be used as a low-level cross-framework language for the building of AI models. In real-world scenarios, attackers could exploit the vulnerability by uploading to public repositories malicious Keras models with specially crafted parameters.
A set of newly discovered vulnerabilities would have enabled exploitation of popular AI inference systems Ollama and NVIDIA Triton Inference Server. That's according to security firm Fuzzinglabs, which will unveil research concerning new AI infrastructure vulnerabilities on Dec. 10 as part of Black Hat Europe 2025. CEO Patrick Ventuzelo and COO Nabih Benazzouz will present the research, which included four vulnerabilities in AI model runner Ollama and one in NVIDIA's Triton Inference Server.