IT Security Newsletter - 6/3/2026
IMA Diligence Services Data Breach Impacts 525,000 People
IMA Diligence Services is notifying over 525,000 individuals that their personal information was stolen in a data breach. The incident, the company says, was identified in mid-December after a legacy server managed by a third party became inaccessible. "Upon discovery, we notified law enforcement and promptly commenced an investigation to confirm the nature and scope of this incident," an incident notice on the company's website reads.
These convincing copyright notices are designed to steal Google logins
A new scam is targeting people who publish Chrome extensions. The scam arrives as an official-looking "copyright removal request" claiming your extension is about to be removed from the Chrome Web Store and that you have 48 hours to appeal. It even looks personalized. After you enter your extension's ID to "verify" it, the page pulls in your extension's real name and icon. But it's all part of a phishing attack designed to steal your Google username and password.
DriveSurge Hijacks Thousands of Sites for ClickFix, FakeUpdate Attacks
Threat actors have compromised thousands of websites for the purpose of engineering industrialized ClickFix and FakeUpdate attacks in an organized malware delivery operation aimed at selling initial access to systems. The campaign targets not only Windows users but also macOS systems and appears to be a mature cybercriminal ecosystem that avoided detection for nearly a year. The operation - dubbed DriveSurge - appears to function as an initial access broker.
Only 11% of production agents pass the AI agent security bar
Enterprise teams are running AI agents that write code, drive browsers, answer customer calls, manage cloud infrastructure, and query data warehouses with standing credentials. A new independent assessment of 100 production agents finds that nearly all of them carry the conditions for a single hostile document to take them over. The report describes a "lethal trifecta" common across the cohort: private data access, exposure to untrusted content, and the ability to take outbound actions.
AI-built ransomware toolkit automates EDR evasion, AD discovery
A threat actor is using an AI-built ransomware attack toolkit that automates Active Directory discovery and helps evade endpoint detection and response (EDR) solutions. Tool and payload development was assisted by Cursor and Claude Opus agents in various stages, including initial coding, analysis, and revision. Additionally, some agents were tasked with checking security research posts for various bypass techniques.
Malicious Notifications Could Trick Google Gemini Users
A novel prompt injection technique would have let attackers misuse Google Gemini's voice assistant by taking advantage of its ability to summarize message notifications. SafeBreach today published research about the attack, titled, "Gemini's Secret Affair: Exploiting Gemini Voice Assistant Through Instant Messaging Apps." It's an extension of previous findings in which the company similarly used calendar invitations to trick Google Gemini into processing malicious prompts.
Another bug hunter leaks Microsoft exploits in defiance of company's handling of vulnerability disclosures
Yet another aggrieved bug hunter has leaked a vulnerability affecting a Microsoft product after becoming disillusioned with the way the company handles security reports. Ammar Askar dropped a proof of concept (PoC) exploit for a Visual Studio Code (VS Code) flaw within just an hour of disclosing it to "an old contact" at the open source platform, according to his account of things. The vulnerability he exposed involves attackers configuring repos to push malicious VS Code extensions.
'HTTP/2 Bomb' Exploit Knocks Web Servers Offline in Seconds
Known denial-of-service (DoS) techniques can be chained together in a new exploit that can knock major web servers offline, Calif security researchers warn. Dubbed HTTP/2 Bomb and discovered using OpenAI's Codex, the exploit combines a compression bomb that targets HTTP/2's header compression scheme (HPACK) with a Slowloris-style hold that prevents the server from freeing memory. According to California-based cybersecurity firm Calif, the attack potentially affects over 880,000 websites.
- ...in 1927, saxophonist Homer Louis "Boots" Randolph, famous for his 1963 hit "Yakety Sax", is born in Paducah, KY.
- ...in 1950, singer-songwriter and '70s glam rocker Suzi Quatro is born in Detroit, MI.
- ...in 1958, the University of Cincinnati gets its first computer, an IBM 650, which costs $28k per year to lease and uses less power than a cell phone.
- ...in 1965, astronaut Ed White becomes the first American to walk in space, during the Gemini 4 mission.






