Fairmont Federal Credit Union is notifying over 187,000 individuals that their personal and financial information was stolen in a two-year-old data breach. A not-for-profit financial organization, Fairmont Federal Credit Union offers services such as business and home mortgage loans, financial first aid, and personal checking. It operates nine regional branches in West Virginia. The organization discovered the cybersecurity incident on January 23, 2024. READ MORE...
A US fintech biz is writing to nearly 700,000 customers because a former employee may have accessed or acquired their data after leaving the company. FinWise Bank, which offers banking services and technology solutions to other financial services organizations, said some of the data involved belonged to American First Finance (AFF), a poor-credit lender through which FinWise offered installment loans. READ MORE...
Samsung's September 2025 security updates for Android devices include a patch for a vulnerability that has been exploited in the wild. The exploited bug, tracked as CVE-2025-21043 (CVSS score of 8.8), is described as an out-of-bounds write issue in the libimagecodec.quram.so image parsing library, which is used by applications that process images on Samsung devices. Successful exploitation of the security defect allows remote attackers to execute arbitrary code on vulnerable devices. READ MORE...
A newly discovered phishing-as-a-service (PhaaS) platform, named VoidProxy, targets Microsoft 365 and Google accounts, including those protected by third-party single sign-on (SSO) providers such as Okta. The platform uses adversary-in-the-middle (AitM) tactics to steal credentials, multi-factor authentication (MFA) codes, and session cookies in real time. VoidProxy was discovered by Okta Threat Intelligence researchers, who describe it as scalable, evasive, and sophisticated. READ MORE...
Earlier this week, Aikido Security disclosed what is being described as the largest npm supply chain compromise to date. Attackers successfully injected malicious code into 18 popular npm packages, collectively accounting for more than 2.6 billion weekly downloads. The entire campaign began not with a technical exploit, but with a single, well-trained maintainer clicking on a convincingly crafted phishing email. READ MORE...
Most enterprise AI activity is happening without the knowledge of IT and security teams. According to Lanai, 89% of AI use inside organizations goes unseen, creating risks around data privacy, compliance, and governance. This blind spot is growing as AI features are built directly into business tools. Employees often connect personal AI accounts to work devices or use unsanctioned services, making it difficult for security teams to monitor usage. READ MORE...
A new type of attack on artificial intelligence (AI) coding agents lets threat actors convince users to give permission to the AI to do dangerous things that ultimately could result in a software supply chain attack. The attack, called "lies-in-the-loop" (LITL), does this by persuading the AI that the things it's being asked it to do are much safer than they really are, researchers from Checkmarx Zero, who achieved the vector, revealed in a report published today. READ MORE...