Teach a crook to phish… Criminals can more easily pull off social engineering scams and other forms of identity fraud thanks to custom voice-phishing kits being sold on dark web forums and messaging platforms.… READ MORE HERE…
Critical vuln flew under the radar for a decade A recently disclosed critical vulnerability in the GNU InetUtils telnet daemon (telnetd) is “trivial” to exploit, experts say.… READ MORE HERE…
Where the shiny new FOMO object collides with insider-threat reality AI agents arrived in Davos this week with the question of how to secure them – and prevent agents from becoming the ultimate insider threat – taking center stage during a panel discussion on cyber threats.… READ MORE HERE…
Its very own Snooper’s Charter comes a month after proposed biometric tech expansion The Irish government is planning to bolster its police’s ability to intercept communications, including encrypted messages, and provide a legal basis for spyware use.… READ MORE HERE…
ACME validation had a challenge-request hole Cloudflare has fixed a flaw in its web application firewall (WAF) that allowed attackers to bypass security rules and directly access origin servers, which could lead to data theft or full server takeover.… READ MORE HERE…
Prompt injection for the win Anthropic has fixed three bugs in its official Git MCP server that researchers say can be chained with other MCP tools to remotely execute malicious code or overwrite files via prompt injection.… READ MORE HERE…
Feras Albashiti faces 10 years after $20,000 in sales to undercover agent exposed ransomware ties A Jordanian national faces sentencing in the US after pleading guilty to acting as an initial access broker (IAB) for various cyberattacks.… READ MORE HERE…
Maine filing confirms July attack affected 42,521 employees and job applicants Ingram Micro disclosed that a July 2025 ransomware attack compromised the personal data of tens of thousands of employees.… READ MORE HERE…
PLUS: Navy spy sent to brig for 200 months in brig; Black Axe busted again; Bill aims to crimp ICE apps; and more Infosec In Brief PLUS: Google’s security outfit Mandiant last week released tools that can crack credentials in 12 hours, in the hope that doing so will accelerate the death of an ancient Microsoft security protocol.… READ MORE HERE…
Sloppy implementation of Google spec leaves ‘hundreds of millions’ of devices vulnerable Hundreds of millions of wireless earbuds, headphones, and speakers are vulnerable to silent hijacking due to a flaw in Google’s Fast Pair system that allows attackers to seize control without the owner ever touching the pairing button.… READ MORE HERE…