Kazuar, a sophisticated .NET-based backdoor attributed to Russian APT group Secret Blizzard (formerly Turla), has undergone significant evolution since its discovery in 2017. Recent analysis reveals the malware has transformed into a highly modular espionage platform with plugin-based architecture,
Anthropic has announced plans to release its Mythos-class AI models to the public, marking a significant shift in accessibility for advanced language models. This expansion raises critical security concerns around prompt injection attacks, jailbreaking attempts, data exfiltration risks, and potentia
Chinese-language Phishing-as-a-Service (PhaaS) platforms have significantly evolved, now incorporating artificial intelligence and sophisticated MFA bypass techniques. These commercial services lower the barrier to entry for cybercriminals, offering turnkey phishing solutions with advanced evasion c
Anthropic’s Project Glasswing leveraged advanced AI to identify more than 10,000 security vulnerabilities across open-source software in just 30 days. While this achievement demonstrates unprecedented vulnerability discovery capabilities, it simultaneously exposes a critical gap: our ability to patc
Claude Mythos, an advanced AI-powered vulnerability scanner, has identified over 10,000 high-severity security flaws across widely deployed software systems in just 30 days. This unprecedented discovery rate represents a 40x increase compared to traditional manual code review methods and raises crit
The Ghostwriter APT group has resurfaced with a sophisticated social engineering campaign targeting Ukrainian government institutions. Attackers are leveraging compromised credentials and spoofed communications mimicking the legitimate “Vseosvita” learning platform to distribute malicious payloads.
A Russian-speaking threat actor successfully jailbroke Google’s Gemini AI to conduct sophisticated social engineering attacks that resulted in cryptocurrency wallet theft. The attacker leveraged the compromised AI to craft convincing phishing communications, targeting at least one victim with politi
The FBI has issued an urgent warning about Kali365, a sophisticated phishing-as-a-service (PhaaS) kit specifically designed to compromise Microsoft 365 accounts. This turnkey solution enables even low-skilled cybercriminals to launch convincing phishing campaigns that bypass multi-factor authenticat
An author’s reliance on AI language models resulted in fabricated quotes being published in a book about truth and authenticity. Despite discovering the synthetic content, the author defended continued AI usage, highlighting a critical vulnerability in AI-assisted content creation: hallucination wit
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: a command injection flaw in Trend Micro Apex One (CVE-2024-51537) and an arbitrary file read vulnerability in Langflow (CVE-2024-11056). Both