IT Security Newsletter

IT Security Newsletter - 5/29/2026

Written by Cadre | Fri, May 29, 2026

Charter Communications data breach affects 4.9 million accounts

The ShinyHunters extortion gang stole personal information from 4.9 million accounts after hacking the U.S. telecom giant Charter Communications in early April, according to data breach notification service Have I Been Pwned. Charter has over 92,000 employees and provides internet, mobile, video, and voice services to more than 32 million customers and over 57 million homes in 41 states across the U.S. through its Spectrum brand. READ MORE...

Signal users targeted in backup-stealing phishing attacks

A new phishing campaign is targeting Signal users by attempting to steal their backup recovery keys to access encrypted message archives. The attack is initiated by a text message pretending to come from Signal Support. The attack exploits Signal's Secure Backups feature, which allows users to store encrypted archives of their conversations on Signal's servers. These backups are protected by a 64-character recovery key. READ MORE...

Russia-Linked 'GreyVibe' Attackers Use AI to Supercharge Cyberattacks

Attackers use AI to increase velocity, scale and sophistication. Just as AI is improving, so will attackers' use of it. GreyVibe is one to watch. GreyVibe, a previously undocumented threat actor, is described by WithSecure as a Russia-nexus group. The researchers are confident in their attribution of GreyVibe to Russian-speaking operators in the Moscow time zone, but are less certain whether the group is cybercriminal, nation-state - or a mix of the two. READ MORE...

'The Com' Cyberattacks Support Violence & Exploitation

Organizations that don't secure their cloud environments and software-as-a-service (SaaS) platforms are inadvertently funding violent crime and the exploitation of minors. An analysis this week from Flashpoint of the disturbing cybercriminal group known as The Com confirms that as major Russian groups have splintered and withered away in recent years, the new class of predominantly North American cybercriminal groups that has emerged all trace back in one way or another to the same source. READ MORE...

FBI warns of fake FIFA websites running World Cup fraud schemes

The FBI is warning of fake websites impersonating FIFA ahead of the 2026 World Cup, to steal personal and financial information, sell fake tickets and hospitality packages, and push other fraud related to the event. With the international soccer tournament set between June 11 and July 19 in the United States, Canada, and Mexico, threat actors prepared hundreds of phishing sites. According to the public service announcement from the FBI, the fake domains impersonate the official fifa.com. READ MORE...

Google security engineer accused of turning confidential search trends into $1.2M win on Polymarket

A Google security engineer was arrested in New York and charged with crimes related to bets he allegedly placed on Polymarket using confidential information he pulled from Google systems, the Justice Department said Wednesday. Michele Spagnuolo is accused of placing multiple trades on the prediction marketplace last year that netted him a profit of more than $1.2 million. He allegedly abused internal access to Google's search data and placed bets on the most searched people on Google in 2025. READ MORE...

LLMs believe false statements even after explicit warnings that they're false

Imagine a kid who grows up reading history books where every page is stamped "WARNING: THIS BOOK IS LYING." You'd expect them to come away skeptical, or at least uncertain. New research on so-called "negation neglect" finds that LLMs in a roughly analogous situation don't behave that way. They appear to learn from the statistical patterns in their training text more than from explicit framing around it. READ MORE...

ChatGPT blindly trusts browser content, turning the page into a payload

ChatGPT can't tell its own generated content from attacker-controlled Markdown pulled from external sources, according to a researcher who found the prompt injection technique and reported it to OpenAI. This means that if a user asks the chatbot to summarize a web page that contains hidden instructions, the page can become the payload. An attacker could abuse this blind trust to inject phishing URLs into ChatGPT responses, or even trick the model into showing fake security alerts. READ MORE...

Gogs Zero-Day Exposes Servers to Remote Code Execution

The popular open source self-hosted Git service Gogs is affected by a critical-severity zero-day vulnerability that exposes servers to remote code execution (RCE), Rapid7 reports. The critical-severity issue, assigned a CVSS score of 9.4, is an argument injection flaw that can be exploited by authenticated attackers via pull requests with malicious branch names. According to Rapid7, the vulnerability can be exploited without user interaction. READ MORE...

  • ...in 1848, Wisconsin becomes the 30th state.
  • ...in 1913, Igor Stravinsky's score for "The Rite of Spring" has its debut performance in Paris. It provoked a riot that broke out inside the theatre.
  • ...in 1953, Sir Edmund Hillary and Tenzing Norgay become the first individuals to reach the top of Mount Everest.
  • ...in 1999, the Space Shuttle Discovery executes the first-ever docking maneuver with the International Space Station.