Tag: security professionals

—

by

Source URL: https://www.theregister.com/2025/09/16/microsoft_cloudflare_shut_down_raccoono365/ Source: The Register Title: Microsoft blocks bait for ‘fastest-growing’ 365 phish kit, seizes 338 domains Feedly Summary: Redmond names alleged ringleader, claims 5K+ creds stolen and $100k pocketed Microsoft has seized 338 websites associated with RaccoonO365 and identified the leader of the phishing service – Joshua Ogundipe – as part of a…

The Register: Google unveils master plan for letting AI shop on your behalf

—

by

Source URL: https://www.theregister.com/2025/09/16/google_unveils_masterplan_for_letting/ Source: The Register Title: Google unveils master plan for letting AI shop on your behalf Feedly Summary: Mastercard, American Express, Coinbase, and PayPal sign up at launch Google has given the go-ahead to a plan that lets AI agents make purchases on your behalf and, on Tuesday, released its Agent Payments Protocol…

The Register: Self-propagating worm fuels latest npm supply chain compromise

—

by

Source URL: https://www.theregister.com/2025/09/16/npm_under_attack_again/ Source: The Register Title: Self-propagating worm fuels latest npm supply chain compromise Feedly Summary: Intrusions bear the same hallmarks as recent Nx mess The npm platform is the target of another supply chain attack, with crims already compromising 187 packages and counting.… AI Summary and Description: Yes Summary: The text discusses a…

Krebs on Security: Self-Replicating Worm Hits 180+ Software Packages

—

by

Source URL: https://krebsonsecurity.com/2025/09/self-replicating-worm-hits-180-software-packages/ Source: Krebs on Security Title: Self-Replicating Worm Hits 180+ Software Packages Feedly Summary: At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on GitHub, experts warn. The malware, which briefly infected multiple code packages…

Bulletins: Vulnerability Summary for the Week of September 8, 2025

—

by

Source URL: https://www.cisa.gov/news-events/bulletins/sb25-258 Source: Bulletins Title: Vulnerability Summary for the Week of September 8, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Adobe–Acrobat Reader Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the…

The Register: ‘FileFix’ attacks use fake Facebook security alerts to trick victims into running infostealers

—

by

Source URL: https://www.theregister.com/2025/09/16/filefix_attacks_facebook_security_alert/ Source: The Register Title: ‘FileFix’ attacks use fake Facebook security alerts to trick victims into running infostealers Feedly Summary: Tech evolved from PoC to global campaign in under two months An attack called FileFix is masquerading as a Facebook security alert before ultimately dropping the widely used StealC infostealer and malware downloader.……

Schneier on Security: Microsoft Still Uses RC4

—

by

Source URL: https://www.schneier.com/blog/archives/2025/09/microsoft-still-uses-rc4.html Source: Schneier on Security Title: Microsoft Still Uses RC4 Feedly Summary: Senator Ron Wyden has asked the Federal Trade Commission to investigate Microsoft over its continued use of the RC4 encryption algorithm. The letter talks about a hacker technique called Kerberoasting, that exploits the Kerberos authentication system. AI Summary and Description: Yes…

Unit 42: The Risks of Code Assistant LLMs: Harmful Content, Misuse and Deception

Sep 15, 2025

—

by

Source URL: https://unit42.paloaltonetworks.com/code-assistant-llms/ Source: Unit 42 Title: The Risks of Code Assistant LLMs: Harmful Content, Misuse and Deception Feedly Summary: We examine security weaknesses in LLM code assistants. Issues like indirect prompt injection and model misuse are prevalent across platforms. The post The Risks of Code Assistant LLMs: Harmful Content, Misuse and Deception appeared first…

Google Online Security Blog: Supporting Rowhammer research to protect the DRAM ecosystem

Sep 15, 2025

—

by