DataBreachToday

LiteLLM Hit in Cascading Supply-Chain Attack

Threat group TeamPCP exploited credentials stolen in the Trivy breach to push malicious versions of LiteLLM to PyPI, exposing ...

DarkSword leak puts millions of iPhone users at risk

A leaked hacking tool called DarkSword could expose older iPhones and iPads to attacks through malicious links and ...

This popular app builder is being abused to trick users - here's what we know

Cybercriminals abuse Bubble.io no-code platform to host phishing apps Trusted domain bypasses email security, tricking victims into Microsoft 365 credential theft Kaspersky warns technique likely to ...

These Hackers Launched A ‘Nightmare’ Attack On AI Developers

TeamPCP hackers say AI helped them launch a devastating spree of attacks. But they wouldn’t have succeeded if developers’ ...
TechJuice

Critical Flaw in Claude Chrome Extension Allowed Malicious Prompt Injection

Claude extension flaw allowed zero click attacks, letting hackers inject commands and access sensitive user data.
Dark Reading

Critical Flaw in Langflow AI Platform Under Attack

Threats actors pounced on the vulnerability within hours of its disclosure, demonstrating that organizations have little time ...

Microsoft 365 Under Siege: Phishing Campaign Bypasses MFA Across 5 Countries

A global phishing campaign targeting Microsoft 365 bypasses security codes using a legitimate login feature, impacting ...
CSO Online

Attackers exploit critical Langflow RCE within hours as CISA sounds alarm

Attackers weaponized critical RCE within hours, prompting CISA to add the flaw to its KEV catalog and set an urgent patch ...
Infosecurity Magazine

Security Researchers Sound the Alarm on Vulnerabilities in AI-Generated Code

Security researchers from Georgia Tech have observed a surge in reported CVEs for which the flaw was introduced by ...

Looking for a safe investment right now? Gold’s not it

Bullion went from a record high above US$5,600 an ounce in late January to as low as US$4,100 an ounce this week ...

A simple coding mistake is exposing API keys across thousands of websites

A large-scale study has revealed that websites are unintentionally exposing API keys tied to services like AWS, Stripe, and OpenAI, with most leaks traced back to publicly accessible JavaScript files.