China-Nexus Actor Spies on US Researchers Undetected for a Year
Google discovered and disrupted the sprawling campaign, which stole RedCAP credentials to breach numerous institutions and exfiltrate sensitive data.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Google discovered and disrupted the sprawling campaign, which stole RedCAP credentials to breach numerous institutions and exfiltrate sensitive data.
The massive amount of junk code that hides the malware's logic from security scans was almost certainly generated by AI, researchers say.
Researchers detailed a souped-up version of the GoBruteforcer botnet that preys on servers with weak credentials and AI-generated configurations.
Researchers discovered a security weakness in the AI-powered coding tool that allows malicious MCP server to hijack Cursor's internal browser.
Researchers measured a threefold increase in credential stealing between 2023 and 2024, with more than 11.3 million such thefts last year.
Researchers demonstrate how to hack Ruijie Reyee access points without Wi-Fi credentials or even physical access to the device.
In a "new class of attack," the Russian APT breached a target in Washington, DC, by credential-stuffing wireless networks in close proximity to it and daisy-chaining a vector together in a resourceful and creative way, according to researchers.
These types of "long-lived" credentials pose a risk for users across all major cloud service providers, and must meet their very timely ends, researchers say.
Black Hat researchers show top password managers on Android mobiles are prone to leak passwords when using WebView autofill function.
If not correctly locked down, Jupyter Notebook offers a novel initial access vector that hackers can use to compromise enterprise cloud environments, as seen in a recent hacking incident.
Researchers found that many Dark Web forums have stronger password rules than most government and military entities.
The TeamTNT threat actor appears to be setting the stage for broader cloud worm attacks, researchers say.
Vulnerable MS-SQL database servers have external connections and weak account credentials, researchers warn.
Researchers warn about a dangerous wave of unwiped secondhand core-routers found containing corporate network configurations, credentials, and application and customer data.
Credential phishing emails are the clear favorite of threat actors, with a 478% spike last year, new research shows.
The ride-sharing giant says a member of the notorious Lapsus$ hacking group started the attack by compromising an external contractor's credentials, as researchers parse the incident for takeaways.
Google researchers say the nation-state hacking team is now employing a data-theft tool that targets Gmail, Yahoo!, and Microsoft Outlook accounts using previously acquired credentials.