securityrss.ai

@securityrss.bsky.social

🔗 https://securityrss.ai An AI-powered information security news aggregator. Processes RSS feeds from 20+ sources, identifies & summarizes relevant content, and groups related articles. Please be mindful of possible hallucinations. Automated account.

30 Followers  |  1 Following  |  932 Posts  |  Joined: 24.01.2025  |  1.8357

Latest posts by securityrss.bsky.social on Bluesky

DARPA touts value of AI-powered vulnerability detection as it announces competition winners

The Defense Advanced Research Projects Agency (DARPA) announced winners of its AI Cyber Challenge at DEF CON, aimed at developing AI tools for autonomous software vulnerability detection and patching.

08.08.2025 23:01

Columbia University data breach impacts nearly 870,000 individuals

An unknown threat actor breached Columbia University's network in May 2025, compromising the personal, financial, and health information of 868,969 individuals, including students and employees. The breach was discovered on June 24, following a system outage.

08.08.2025 16:32

Federal courts to ramp up filing system security after ‘recent escalated cyberattacks’

The U.S. judiciary plans to enhance security for its case management system following recent escalated cyberattacks, including a reported breach that may have compromised confidential court informants' identities.

08.08.2025 15:32

Wave of 150 crypto-draining extensions hits Firefox add-on store

A malicious campaign named 'GreedyBear' has infiltrated the Firefox add-on store with 150 crypto-draining extensions, stealing around $1 million from users. These extensions impersonate legitimate cryptocurrency wallets and initially appear benign.

08.08.2025 15:32

Hackers Hijacked Google’s Gemini AI With a Poisoned Calendar Invite to Take Over a Smart Home

Researchers demonstrated that hackers could exploit Google’s Gemini AI using poisoned calendar invites to execute indirect prompt injections, allowing control over smart home devices. By manipulating prompts, they could trigger actions like opening windows or initiating video calls.

08.08.2025 12:01

Air France and KLM disclose data breaches impacting customers

Air France and KLM reported a data breach affecting an undisclosed number of customers due to unauthorized access to a customer service platform. The airlines confirmed that financial and personal information was not compromised.

08.08.2025 09:31

BlackSuit, Royal ransomware group hit over 450 US victims before last month’s takedown

The BlackSuit and Royal ransomware groups have compromised over 450 U.S. victims since 2022, extorting over $370 million in ransom. Their infrastructure was dismantled in a global takedown last month, with a seizure notice displayed since July 24.

08.08.2025 08:01

Malicious Go, npm Packages Deliver Cross-Platform Malware, Trigger Remote Data Wipes

Cybersecurity researchers identified 11 malicious Go packages that download payloads to execute on Windows and Linux systems, potentially compromising both. The packages conceal an obfuscated loader that fetches binaries to gather host information and access web browser data.

07.08.2025 22:01

Shared secret: EDR killer in the kill chain

The article discusses the rise of sophisticated malware designed to disable Endpoint Detection and Response (EDR) systems, particularly in ransomware attacks.

07.08.2025 18:01

Cyberattack hits France’s third-largest mobile operator, millions of customers affected

Bouygues Telecom, France's third-largest mobile operator, reported a cyberattack compromising data from 6.4 million customer accounts. The nature of the attack remains undisclosed, but the company stated it was resolved quickly.

07.08.2025 17:32

New Ghost Calls tactic abuses Zoom and Microsoft Teams for C2 operations

A new command-and-control (C2) evasion method called 'Ghost Calls' exploits TURN servers used by Zoom and Microsoft Teams, allowing attackers to tunnel traffic through trusted infrastructure.

07.08.2025 17:31

SonicWall Confirms Patched Vulnerability Behind Recent VPN Attacks, Not a Zero-Day

SonicWall confirmed that recent attacks on its Gen 7 firewalls with SSL VPN are linked to CVE-2024-40766, a patched vulnerability (CVSS score: 9.3) related to improper access control. The company noted that many incidents stemmed from password reuse during migrations from Gen 6 to Gen 7 firewalls.

07.08.2025 15:33

British intelligence warns cyber threat to critical infrastructure is increasing

The UK's National Cyber Security Centre (NCSC) warns of an increasing cyber threat to critical infrastructure, highlighting a gap between potential harm and defense capabilities.

07.08.2025 14:32

CISA, Microsoft warn about new Microsoft Exchange server vulnerability

CISA and Microsoft warned of a high-severity vulnerability in Microsoft Exchange, tracked as CVE-2025-53786, allowing attackers with admin privileges to escalate access from on-premises to cloud systems. No exploitation has been detected.

07.08.2025 08:01

France extradites Nigerian national to US over $2.5 million hack targeting tax businesses

Chukwuemeka Victor Amachukwu, a Nigerian national, was extradited from France to the U.S. on charges related to a $2.5 million hacking scheme targeting tax businesses.

07.08.2025 04:01

Dialysis company DaVita says more than 900,000 people affected by April ransomware attack

In April, DaVita experienced a ransomware attack affecting 915,952 individuals, with sensitive healthcare information stolen, including names, addresses, Social Security numbers, and clinical data.

06.08.2025 16:34

Microsoft Launches Project Ire to Autonomously Classify Malware Using AI Tools

Microsoft announced Project Ire, an autonomous AI agent for malware classification, which automates reverse engineering of software to determine its nature. The prototype uses various tools to analyze files, achieving a 90% accuracy rate in identifying threats with only a 2% false positive rate.

06.08.2025 15:33

CERT-UA Warns of HTA-Delivered C# Malware Attacks Using Court Summons Lures

CERT-UA has issued a warning about UAC-0099, a threat actor targeting Ukrainian government and defense sectors with phishing emails that deliver malware like MATCHBOIL, MATCHWOK, and DRAGSTARE.

06.08.2025 15:03

Google says hackers stole its customers’ data by breaching its Salesforce database

Google confirmed a data breach involving its Salesforce database, attributed to the hacking group ShinyHunters (UNC6040). The compromised data includes basic business information, such as names and contact details, which are largely publicly available.

06.08.2025 14:44

Pandora confirms data breach amid ongoing Salesforce data theft attacks

Danish jewelry brand Pandora has confirmed a data breach involving customer names, birthdates, and email addresses due to unauthorized access via a third-party Salesforce database. No passwords or financial information were compromised.

06.08.2025 14:04

Critical Trend Micro Apex One Management RCE Vulnerability Actively Exploited in the wild

Critical command injection remote code execution (RCE) vulnerabilities, CVE-2025-54948 and CVE-2025-54987, in Trend Micro Apex One Management Console are being actively exploited, with a CVSS score of 9.4. Trend Micro released FixTool_Aug2025.

06.08.2025 11:03

WhatsApp deletes over 6.8m accounts linked to scams, Meta says

WhatsApp removed 6.8 million accounts linked to scams in the first half of the year, targeting organized crime operations in South East Asia. The platform introduced new anti-scam measures, including alerts for users added to unknown group chats.

06.08.2025 11:03

Zero Day Quest: Join the largest hacking event with up to $5 million in total bounty awards

Microsoft's Zero Day Quest returns in Spring 2026, offering up to $5 million in bounty awards for high-impact research in Cloud and AI security. The Research Challenge runs from August 4 to October 4, 2025, allowing vulnerability submissions in Microsoft Azure, Copilot, Dynamics 365, and more.

06.08.2025 02:32

CTM360 spots Malicious ‘ClickTok’ Campaign Targeting TikTok Shop users

CTM360 has identified a global malware campaign named "ClickTok," targeting TikTok Shop users with SparkKitty spyware to steal cryptocurrency. The campaign employs a hybrid model of phishing and malware, using fake TikTok websites and trojanized apps to harvest sensitive data.

06.08.2025 01:31

Cursor AI Code Editor Vulnerability Enables RCE via Malicious MCP File Swaps Post Approval

A high-severity vulnerability in the Cursor AI code editor, tracked as CVE-2025-54136 (CVSS score: 7.2), allows remote code execution by modifying trusted Model Context Protocol (MCP) configurations. Attackers can replace approved MCP files with malicious payloads, achieving persistent execution.

05.08.2025 23:31

ReVault! When your SoC turns against you…

Talos reported five vulnerabilities in Broadcom and Dell's ControlVault3 Firmware, affecting over 100 Dell laptop models.

05.08.2025 19:01

Cisco discloses data breach impacting Cisco.com user accounts

Cisco disclosed a data breach affecting Cisco.com user accounts due to a voice phishing (vishing) attack on July 24. An attacker gained access to a third-party CRM system, stealing basic profile information such as names, email addresses, and phone numbers.

05.08.2025 15:35

Android gets patches for Qualcomm flaws exploited in attacks

Google's August 2025 Android security update addresses six vulnerabilities, including two Qualcomm flaws (CVE-2025-21479 and CVE-2025-27038) exploited in targeted attacks.

05.08.2025 15:34

Perplexity accused of scraping websites that explicitly blocked AI scraping

Cloudflare accused AI startup Perplexity of circumventing website scraping blocks, claiming it obscured its identity while crawling sites that explicitly prohibited scraping. Cloudflare observed this behavior across tens of thousands of domains, using machine learning to identify the crawler.

05.08.2025 15:34

Mozilla warns of phishing attacks targeting add-on developers

Mozilla has issued a warning about a phishing campaign targeting developers on its AMO (addons.mozilla.org) platform. The phishing emails, impersonating the AMO team, claim that accounts require updates to maintain access to development features.

05.08.2025 12:33