Hackers Can Hijack Your Terminal Via Prompt Injection using LLM-powered Apps

Researchers have uncovered that Large Language Models (LLMs) can generate and manipulate ANSI escape codes, potentially creating new security vulnerabilities in terminal-based applications. ANSI escape sequences are a standardized set of control characters used by terminal emulators to manipulate the appearance and behavior of text displays. They enable features such as text color changes, cursor movement, blinking text, and more. Terminal emulators interpret these sequences […]

Millionaire Airbnb Phishing Ring Busted Up by Police

Five suspects have been arrested in Belgium, accused of taking part in a sprawling phishing operation that committed cybercrimes on an industrial scale across Europe. The group operated by setting up call centers in luxury Airbnbs and apartment rentals to contact victims and lure them into handing over banking information, which was then […]

Cleo 0-day Vulnerability Exploited to Deploy Malichus Malware

Cybersecurity researchers have uncovered a sophisticated exploitation campaign involving a zero-day (0-day) vulnerability in Cleo file transfer software platforms. This campaign has been used to deliver a newly identified malware family, now dubbed “Malichus.” The threat, recently analyzed by Huntress and corroborated by other industry vendors, demonstrates significant technical complexity, raising alarms across the cybersecurity community due […]

A security ‘hole’ in Krispy Kreme Doughnuts helped hackers take a bite

The attack, which remains unclaimed, disrupted parts of Krispy Kreme’s online sales in the US. Global doughnut and coffee chain owner Krispy Kreme, famous for its “original glazed doughnuts,” has had a “portion of their IT systems” disrupted by a cyberattack. In an SEC filing on Wednesday, the global doughnut business said it suffered a cybersecurity incident […]

Earlier this month, Google CEO Sundar Pichai announced the creation of their new quantum computing chips called “Willow”, which caused a few ripples in the Bitcoin investment community, but also caused some skepticism among Bitcoin skeptics due to the announcement. A viral tweet sent out by Geiger Capital declaring “Bitcoin is dead” as a joke sparked a […]

PUMAKIT, a sophisticated rootkit that uses advanced stealth mechanisms

Researchers discovered PUMAKIT, a Linux rootkit capable of hiding files, escalating privileges, and evading system tools and detection. Elastic Security Lab researchers discovered a new loadable kernel module (LKM) rootkit called PUMAKIT that supports advanced evasion mechanisms. PUMAKIT features a multi-stage design including a dropper, memory-resident executables, and a rootkit. It leverages an LKM rootkit named […]

Bogus video conferencing app leveraged for Realst infostealer delivery

Individuals in the Web3 sector have been subjected to a novel scam campaign that distributes the Realst information-stealing malware through the fraudulent video conferencing app Meetio, previously known as Clusee, Cuesee, Meeten, and Meetone, according to The Hacker News. After leveraging artificial intelligence to create a website establishing the app’s legitimacy, threat actors proceeded to lure targets […]

Eliminate false positives with verified stolen credential detections using Push

With our latest release, Push takes TI data with stolen credentials sourced from criminal forums and compares it to the actual credentials still being used across customer environments, alerting on validated true positives only to cut through the noise. While striking gold sure feels good, mining for gold doesn’t. All that sifting for a few grains of […]

New Glutton Malware Exploits Popular PHP Frameworks Like Laravel and ThinkPHP

Cybersecurity researchers have discovered a new PHP-based backdoor called Glutton that has been put to use in cyber attacks targeting China, the United States, Cambodia, Pakistan, and South Africa. QiAnXin XLab, which discovered the malicious activity in late April 2024, attributed the previously unknown malware with moderate confidence to the prolific Chinese nation-state group tracked as Winnti (aka […]

Rhode Island confirms data breach after Brain Cipher ransomware attack

Rhode Island is warning that its RIBridges system, managed by Deloitte, suffered a data breach exposing residents’ personal information after the Brain Cipher ransomware gang hacked its systems. RIBridges is a modern integrated eligibility system (IES) used in Rhode Island to manage and deliver public assistance programs, helping streamline the administration of various social services. The […]