Non classé

Threat actors are continuing to upload malicious packages to the npm registry so as to tamper with already-installed local versions of legitimate libraries and execute malicious code in what’s seen as a sneakier attempt to stage a software supply chain attack.
The newly discovered package, named pdf-to-office, masquerades as a utility for converting PDF files to Microsoft Word documents. But, in

Threat actors are continuing to upload malicious packages to the npm registry so as to tamper with already-installed local versions of legitimate libraries and execute malicious code in what’s seen as a sneakier attempt to stage a software supply chain attack.
The newly discovered package, named pdf-to-office, masquerades as a utility for converting PDF files to Microsoft Word documents. But, in

Overview of the PlayPraetor Masquerading Party Variants
CTM360 has now identified a much larger extent of the ongoing Play Praetor campaign. What started with 6000+ URLs of a very specific banking attack has now grown to 16,000+ with multiple variants. This research is ongoing, and much more is expected to be discovered in the coming days. 
As before, all the newly discovered play

Overview of the PlayPraetor Masquerading Party Variants
CTM360 has now identified a much larger extent of the ongoing Play Praetor campaign. What started with 6000+ URLs of a very specific banking attack has now grown to 16,000+ with multiple variants. This research is ongoing, and much more is expected to be discovered in the coming days. 
As before, all the newly discovered play

The Identities Behind AI Agents: A Deep Dive Into AI & NHI

AI agents have rapidly evolved from experimental technology to essential business tools. The OWASP framework explicitly recognizes that Non-Human Identities play a key role in agentic AI security. Their analysis highlights how these autonomous software entities can make decisions, chain complex actions together, and operate continuously without human intervention. They’re no longer just tools,

AI agents have rapidly evolved from experimental technology to essential business tools. The OWASP framework explicitly recognizes that Non-Human Identities play a key role in agentic AI security. Their analysis highlights how these autonomous software entities can make decisions, chain complex actions together, and operate continuously without human intervention. They’re no longer just tools,

The Russia-linked threat actor known as Gamaredon (aka Shuckworm) has been attributed to a cyber attack targeting a foreign military mission based in Ukraine with an aim to deliver an updated version of a known malware called GammaSteel.
The group targeted the military mission of a Western country, per the Symantec Threat Hunter team, with first signs of the malicious activity detected on

The Russia-linked threat actor known as Gamaredon (aka Shuckworm) has been attributed to a cyber attack targeting a foreign military mission based in Ukraine with an aim to deliver an updated version of a known malware called GammaSteel.
The group targeted the military mission of a Western country, per the Symantec Threat Hunter team, with first signs of the malicious activity detected on

Law enforcement authorities have announced that they tracked down the customers of the SmokeLoader malware and detained at least five individuals.
« In a coordinated series of actions, customers of the Smokeloader pay-per-install botnet, operated by the actor known as ‘Superstar,’ faced consequences such as arrests, house searches, arrest warrants or ‘knock and talks,' » Europol said in a

Law enforcement authorities have announced that they tracked down the customers of the SmokeLoader malware and detained at least five individuals.
« In a coordinated series of actions, customers of the Smokeloader pay-per-install botnet, operated by the actor known as ‘Superstar,’ faced consequences such as arrests, house searches, arrest warrants or ‘knock and talks,' » Europol said in a

Cybersecurity researchers have disclosed details of an artificial intelligence (AI) powered platform called AkiraBot that’s used to spam website chats, comment sections, and contact forms to promote dubious search engine optimization (SEO) services such as Akira and ServicewrapGO.
« AkiraBot has targeted more than 400,000 websites and successfully spammed at least 80,000 websites since September

Cybersecurity researchers have disclosed details of an artificial intelligence (AI) powered platform called AkiraBot that’s used to spam website chats, comment sections, and contact forms to promote dubious search engine optimization (SEO) services such as Akira and ServicewrapGO.
« AkiraBot has targeted more than 400,000 websites and successfully spammed at least 80,000 websites since September

Lovable, a generative artificial intelligence (AI) powered platform that allows for creating full-stack web applications using text-based prompts, has been found to be the most susceptible to jailbreak attacks, allowing novice and aspiring cybercrooks to set up lookalike credential harvesting pages.
« As a purpose-built tool for creating and deploying web apps, its capabilities line up perfectly

Lovable, a generative artificial intelligence (AI) powered platform that allows for creating full-stack web applications using text-based prompts, has been found to be the most susceptible to jailbreak attacks, allowing novice and aspiring cybercrooks to set up lookalike credential harvesting pages.
« As a purpose-built tool for creating and deploying web apps, its capabilities line up perfectly

A Chinese-affiliated threat actor known for its cyber-attacks in Asia has been observed exploiting a security flaw in security software from ESET to deliver a previously undocumented malware codenamed TCESB.
« Previously unseen in ToddyCat attacks, [TCESB] is designed to stealthily execute payloads in circumvention of protection and monitoring tools installed on the device, » Kaspersky said in an

A Chinese-affiliated threat actor known for its cyber-attacks in Asia has been observed exploiting a security flaw in security software from ESET to deliver a previously undocumented malware codenamed TCESB.
« Previously unseen in ToddyCat attacks, [TCESB] is designed to stealthily execute payloads in circumvention of protection and monitoring tools installed on the device, » Kaspersky said in an

GitGuardian’s State of Secrets Sprawl report for 2025 reveals the alarming scale of secrets exposure in modern software environments. Driving this is the rapid growth of non-human identities (NHIs), which have been outnumbering human users for years. We need to get ahead of it and prepare security measures and governance for these machine identities as they continue to be deployed, creating an

GitGuardian’s State of Secrets Sprawl report for 2025 reveals the alarming scale of secrets exposure in modern software environments. Driving this is the rapid growth of non-human identities (NHIs), which have been outnumbering human users for years. We need to get ahead of it and prepare security measures and governance for these machine identities as they continue to be deployed, creating an

Microsoft has revealed that a now-patched security flaw impacting the Windows Common Log File System (CLFS) was exploited as a zero-day in ransomware attacks aimed at a small number of targets.
« The targets include organizations in the information technology (IT) and real estate sectors of the United States, the financial sector in Venezuela, a Spanish software company, and the retail sector in

Microsoft has revealed that a now-patched security flaw impacting the Windows Common Log File System (CLFS) was exploited as a zero-day in ransomware attacks aimed at a small number of targets.
« The targets include organizations in the information technology (IT) and real estate sectors of the United States, the financial sector in Venezuela, a Spanish software company, and the retail sector in