Cisco has disclosed that cybercriminals stole the basic profile information of users registered on Cisco.com following a voice phishing (vishing) attack that targeted a company representative. After becoming aware of the incident on July 24th, the networking equipment giant discovered that the attacker tricked an employee and gained access to a third-party cloud-based Customer Relationship Management (CRM) system used by Cisco. READ MORE...
Vietnamese-speaking hackers are carrying out a "highly evasive, multi-stage operation" to steal information from thousands of victims in more than 62 countries, researchers said in a report published Monday. The attackers emerged late last year but have evolved with novel techniques this year, with SentinelLABS of SentinelOne and Beazley Security ultimately identifying 4,000 victims, most commonly in South Korea, the United States, the Netherlands, Hungary and Austria. READ MORE...
Just as the smart phone made everyone a digital photographer, vibe coding will make everyone a software developer and will change the software development industry forever. Andrej Karpathy, co-founder of OpenAI and former AI leader at Tesla, introduced the term 'vibe coding' in a February 2, 2025, tweet. "There's a new kind of coding I call 'vibe coding', where you fully give in to the vibes, embrace exponentials, and forget that the code even exists." READ MORE...
Google on Monday announced a fresh set of security updates for Android that address six vulnerabilities in the operating system and third-party components, including an exploited Qualcomm flaw. The exploited bug, disclosed in early June and tracked as CVE-2025-27038 (CVSS score of 7.5), is described as a use-after-free issue when rendering graphics using Adreno GPU drivers in Chrome. In May, Qualcomm shipped patches for all three security defects to OEMs and phone makers. READ MORE...
More than 4,000 victims across 62 countries have been infected by stealthy infostealers pilfering people's passwords, credit card numbers, and browser cookies, which are then sold to other criminals on Telegram-based marketplaces. South Korea, the US, the Netherlands, Hungary, and Austria have been the hardest-hit countries in this ongoing campaign, according to SentinelLabs and Beazley Security, which detailed their findings in a Monday report. READ MORE...
A newly discovered Linux malware, which has evaded detection for over a year, allows attackers to gain persistent SSH access and bypass authentication on compromised systems. Nextron Systems security researchers, who identified the malware and dubbed it "Plague," describe it as a malicious Pluggable Authentication Module (PAM) that uses layered obfuscation techniques and environment tampering to avoid detection by traditional security tools. READ MORE...
AI search engine Perplexity is using stealth bots and other tactics to evade websites' no-crawl directives, an allegation that if true violates Internet norms that have been in place for more than three decades, network security and optimization service Cloudflare said Monday. In a blog post, Cloudflare researchers said the company received complaints from customers who had disallowed Perplexity scraping bots by implementing settings in their sites' robots.txt files. READ MORE...
Receiving an unexpected package in the post is not always a pleasant surprise. The FBI has warned the public about unsolicited packages containing a QR code which leads to a website aimed at stealing personal data or downloading malware to the victim's device. The packages are often shipped without sender information, only the QR code. This is a deliberate tactic of the cybercriminals who hope that the lack of information will encourage more people to scan the code. READ MORE...
SonicWall on Monday confirmed that it's investigating a rash of ransomware activity targeting its firewall devices, following multiple reports of a zero-day bug under active exploit in its VPNs. "SonicWall is actively investigating a recent increase in reported cyber incidents involving a number of Gen 7 firewalls running various firmware versions with SSL VPN enabled," a company spokesperson told The Register. READ MORE...
Cloud security giant Wiz has disclosed another set of vulnerabilities that can pose a significant risk to AI systems that rely on Nvidia products, in this case the company's Triton Inference Server. Nvidia announced in an advisory published on Monday that more than a dozen vulnerabilities have been patched in Triton Inference Server, an open source software that enables users to deploy any AI model from various deep learning and machine learning frameworks. READ MORE...