Security experts have identified that malicious actors are currently taking advantage of a security weakness in ChatGPT, enabling them to insert harmful URL redirects within the AI chatbot’s interface. In just one week, over 10,000 exploitation attempts were traced back to a single malicious IP addresses What is it Security analysts uncovered this vulnerability within … Continued
A large-scale phishing campaign has recently targeted GitHub users, affecting more than 12,000 repositories. The attackers lured developers into authorizing a malicious OAuth app by sending fake “Security Alert” issues. The phishing alert appeared to be a legitimate security warning: “Security Alert: Unusual Access Attempt – We have detected a login attempt on your GitHub … Continued
For the last few months, RansomHub a cybercriminal group has partnered with FakeUpdates a malware-as-a-service (MaaS) to deliver ransomware against US government organizations. The threat actor behind FakeUpdates is “SocGholish”. Who is RansomHub RansomHub first came to public attention in February 2024, operating as a Ransomware-as-a-Service (RaaS) group.The group offers a higher level of autonomy … Continued
Microsoft Incident Response researchers have discovered a powerful new remote access trojan (RAT) called StilachiRAT with sophisticated capabilities for credential theft and cryptocurrency wallet. Technical Capabilities System reconnaissance: Executes WMI queries via WQL to gather system information and hardware identifiers, creating a unique device fingerprint derived from system serial numbers and attacker RSA keys. Cryptocurrency … Continued
What is an LLM? A Large Language Model (LLM) is a type of AI system designed to process and generate text. Built on transformer neural network architectures, LLMs can analyze and predict language with exceptional accuracy by leveraging enormous datasets. This ability to understand and produce human-like text has made LLMs a game-changer across various … Continued
Cybercriminals are deploying are sophisticated a phishing campaign that uses malicious Microsoft OAuth apps masquerading as legitimate Adobe and DocuSign apps to steal Microsoft 365 credentials and distribute malware. How This Campaign Works … Continued
AI has revolutionized many sectors, and cybersecurity is no exception. As cyber threats and the cost of breaches are increasing, AI has made its way into the cybersecurity professionals’ arsenal. It is now used in a way that was previously unimaginable, like enhancing threat detection, reducing the response time in case of a breach, and … Continued
Cybersecurity researchers have uncovered a series of highly sophisticated instructions targeting Fortinet firewall appliances to deploy new ransomware strain “SuperBlack”. This occurred between January and March 2025. The malicious campaign, attributed to a threat actor labeled “Mora_001,” operated throughout Q1 2025, leveraging unpatched security flaws to intrude corporate networks. Technical Vulnerability Exploitation Chain … Continued
LLMs have become increasingly democratized over the past two years, making access to them easier than ever. However, with the emergence of any new technology or tool, there is always the risk of it being exploited for malicious purposes, and LLMs are no exception. According to a recent research report, OpenAI’s new operator, launched in … Continued
For the third consecutive month in 2025, Apple has rolled out an emergency security patch to fix an actively exploited zero-day vulnerability. The flaw, identified as CVE-2025-24201, exists in WebKit, Apple’s open-source browser engine utilized by Safari and other apps across macOS, iOS, and iPadOS Affected Devices iPhone XS and newer iPad Pro (3rd generation … Continued
