Zero‑click Grafana AI attack can enable enterprise data exfiltration
Indirect prompt injection is possible on AI-powered dashboards, allowing exfiltration of sensitive enterprise data without user authentication. Security rese...
Financial
20 articles
Over 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign
An active campaign has been observed targeting internet-exposed instances running ComfyUI, a popular stable diffusion platform, to enlist them into a cryptoc...
Over $17bn Lost to Cyber Fraud in the Last Year, Warns FBI
Cryptocurrency scams alone cost victims over $7 billion, while AI-enabled fraud threats are on the rise, says FBI
Fake Installers Spread RATs, Monero Miners in Ongoing Malware Campaign
Fake software installers are being used in a long-running malware operation to drop remote access trojans (RATs), Monero cryptominers, and a new .NET implant...
Microsoft Warns Storm-1175 Exploiting Web-Facing Vulnerabilities to Deploy Medusa Ransomware
Microsoft is warning that a fast‑moving threat actor it tracks as Storm‑1175 is aggressively exploiting vulnerabilities in internet‑exposed systems to delive...
Fake TradingView Premium Reddit Posts Spread Vidar and AMOS Stealers
A new malware campaign is abusing Reddit to distribute fake “cracked” builds of TradingView Premium that secretly install Vidar and AMOS information‑stealing...
Cyberattack on telecom giant Rostelecom disrupts internet services across Russia
A “large-scale” distributed denial-of-service (DDoS) attack targeted the network of Russian state-run telecom giant Rostelecom on Monday evening, temporarily...
FBI: Cyber fraud surges to $17.6 billion in losses as scams, crypto theft soar
Cyber-enabled fraud was behind 85% of all losses reported to the FBI in 2025 and constituted 45% of the 1,008,597 complaints it's IC3 unit received overall.
Microsoft links Medusa ransomware affiliate to zero-day attacks
Microsoft says that Storm-1175, a China-based financially motivated cybercriminal group known for deploying Medusa ransomware payloads, has been deploying n-...
Drift $280M crypto theft linked to 6-month in-person operation
The Drift Protocol says that the $280+ million hack it suffered last week was the result of a long-term, carefully planned operation that included building "...
Storm-1175 focuses gaze on vulnerable web-facing assets in high-tempo Medusa ransomware operations
The financially motivated cybercriminal threat actor Storm-1175 operates high-velocity ransomware campaigns that weaponize recently disclosed vulnerabilities...
SparkCat malware returns on app stores, targeting cryptocurrency users
The malware, identified by cybersecurity firm Kaspersky, has appeared in apps on both iOS and Android platforms, primarily targeting cryptocurrency users in ...
Drift Protocol Hit in $286M Suspected North Korea-Linked Crypto Heist
Hackers have stolen approximately $286 million from Drift Protocol, a leading decentralized perpetual futures exchange on the Solana blockchain, in what secu...
Major outage hits Russian banking apps, metro payments across regions
The disruption on Friday affected apps from some of the country’s largest banks, including Sberbank, VTB, Alfa-Bank, T-Bank and Gazprombank.
North Korea’s Modular Malware Strategy Hides Attribution, Defies Takedowns
North Korea’s cyber program is shifting from monolithic “families” to a modular, portfolio-style malware ecosystem designed to survive exposure, frustrate at...
Google Wants to Transition to Post-Quantum Cryptography by 2029
Google says that it will fully transition to post-quantum cryptography by 2029. I think this is a good move, not because I think we will have a useful quantu...
Battling payment fraud with tokenization and executive interviews from RSAC 2026 - Brian Oh, Mickey Bresman, Ashish Jain, Thyaga Vasudevan, Jimmy White - ESW #453
Threat Actors Weaponize Fake Microsoft Teams Domains to Target Users
Threat actors associated with North Korea are deploying fake Microsoft Teams domains to conduct social engineering attacks and distribute malware. The threat...
Traffic violation scams switch to QR codes in new phishing texts
Scammers are sending fake "Notice of Default" traffic violation text messages impersonating state courts across the U.S.
Week in review: Axios npm supply chain compromise, critical FortiClient EMS bugs exploited
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Financial groups lay out a plan to fight AI identity attack...