Jun 17, 2025Ravie LakshmananMalware / Cyber Espionage A now-patched security flaw in Google Chrome was exploited as a zero-day by a threat actor known as TaxOff to deploy a backdoor codenamed Trinper. The attack, observed in mid-March 2025 by Positive… Read More "Google Chrome Zero-Day CVE-2025-2783 Exploited by TaxOff to Deploy Trinper Backdoor"
Jun 17, 2025Ravie LakshmananVulnerability / LLM Security Cybersecurity researchers have disclosed a now-patched security flaw in LangChain’s LangSmith platform that could be exploited to capture sensitive data, including API keys and user prompts. The vulnerability, which carries a CVSS score… Read More "LangSmith Bug Could Expose OpenAI Keys and User Data via Malicious Agents"
Jun 17, 2025Ravie LakshmananThreat Intelligence / Identity Security The notorious cybercrime group known as Scattered Spider (aka UNC3944) that recently targeted various U.K. and U.S. retailers has begun to target major insurance companies, according to Google Threat Intelligence Group (GTIG).… Read More "Google Warns of Scattered Spider Attacks Targeting IT Support Teams at U.S. Insurance Firms"
Jun 17, 2025Ravie LakshmananMalware / Email Security Cybersecurity researchers are warning of a new phishing campaign that’s targeting users in Taiwan with malware families such as HoldingHands RAT and Gh0stCringe. The activity is part of a broader campaign that delivered… Read More "Silver Fox APT Targets Taiwan with Complex Gh0stCringe and HoldingHands RAT Malware"
For many organizations, Active Directory (AD) service accounts are quiet afterthoughts, persisting in the background long after their original purpose has been forgotten. To make matters worse, these orphaned service accounts (created for legacy applications, scheduled tasks, automation scripts, or… Read More "Are Forgotten AD Service Accounts Leaving You at Risk?"
Jun 17, 2025Ravie LakshmananBotnet / Vulnerability Cybersecurity researchers have called attention to a new campaign that’s actively exploiting a recently disclosed critical security flaw in Langflow to deliver the Flodrix botnet malware. “Attackers use the vulnerability to execute downloader scripts… Read More "New Flodrix Botnet Variant Exploits Langflow AI Server RCE Bug to Launch DDoS Attacks"
Jun 17, 2025Ravie LakshmananPrivacy / Data Protection Meta Platforms on Monday announced that it’s bringing advertising to WhatsApp, but emphasized that the ads are “built with privacy in mind.” The ads are expected to be displayed on the Updates tab… Read More "Meta Starts Showing Ads on WhatsApp After 6-Year Delay From 2018 Announcement"
