tldr; boffins did it interview  It all started as an idea for a research paper. … READ MORE HERE…

Pro tip, don’t install PowerShell commands without approval A team of data thieves has doubled down by developing its CastleRAT malware in both Python and C variants. Both versions spread by tricking users into pasting malicious commands through a technique called ClickFix, which uses fake fixes and login prompts.… READ MORE HERE…

9.9-rated flaw on the loose, so patch now A critical code-injection bug in SAP S/4HANA that allows low-privileged attackers to take over your SAP system is being actively exploited, according to security researchers.… READ MORE HERE…

Affinity Learning Partnership warns staff after Intradev breach A major UK education trust has warned staff that their personal information may have been compromised following a cyberattack on software developer Intradev in August.… READ MORE HERE…

You cut and pasted the machine key from the official documentation? Ouch Unknown miscreants are exploiting a configuration vulnerability in multiple Sitecore products to achieve remote code execution via a publicly exposed key and deploy snooping malware on infected machines.… READ MORE HERE…

AI agent system said to have found more than 100 zero-day flaws in production apps AI models get slammed for producing sloppy bug reports and burdening open source maintainers with hallucinated issues, but they also have the potential to transform application security through automation.… READ MORE HERE…

Defrauding search with custom malware, Potato-family exploits A new China-aligned cybercrime crew named GhostRedirector has compromised at least 65 Windows servers worldwide – spotted in a June internet scan – using previously undocumented malware to juice gambling sites’ rankings in Google search, according to ESET researchers.… READ MORE HERE…