Artificial intelligence is reshaping cybersecurity on both sides of the battlefield. Cybercriminals are using AI-powered tools to accelerate and automate attacks at a scale defenders have never faced before. Security teams are overwhelmed by an explosion of vulnerability data, tool… Read More "Embedding AI to Cut Noise and Reduce Risk"
OpenAI on Tuesday said it disrupted three activity clusters for misusing its ChatGPT artificial intelligence (AI) tool to facilitate malware development. This includes a Russian‑language threat actor, who is said to have used the chatbot to help develop and refine… Read More "OpenAI Disrupts Russian, North Korean, and Chinese Hackers Misusing ChatGPT for Cyberattacks"
Oct 07, 2025Ravie LakshmananMalware / Threat Intelligence A Vietnamese threat actor named BatShadow has been attributed to a new campaign that leverages social engineering tactics to deceive job seekers and digital marketing professionals to deliver a previously undocumented malware called… Read More "BatShadow Group Uses New Go-Based ‘Vampire Bot’ Malware to Hunt Job Seekers"
Oct 07, 2025Ravie LakshmananArtificial Intelligence / Software Security Google’s DeepMind division on Monday announced an artificial intelligence (AI)-powered agent called CodeMender that automatically detects, patches, and rewrites vulnerable code to prevent future exploits. The efforts add to the company’s ongoing… Read More "Google’s New AI Doesn’t Just Find Vulnerabilities — It Rewrites Code to Patch Them"
Oct 07, 2025Ravie LakshmananVulnerability / Cloud Security Microsoft on Monday attributed a threat actor it tracks as Storm-1175 to the exploitation of a critical security flaw in Fortra GoAnywhere software to facilitate the deployment of Medusa ransomware. The vulnerability is… Read More "Microsoft Links Storm-1175 to GoAnywhere Exploit Deploying Medusa Ransomware"
Cybersecurity researchers have charted the evolution of XWorm malware, turning it into a versatile tool for supporting a wide range of malicious actions on compromised hosts. “XWorm’s modular design is built around a core client and an array of specialized… Read More "XWorm 6.0 Returns with 35+ Plugins and Enhanced Data Theft Capabilities"
For years, security leaders have treated artificial intelligence as an “emerging” technology, something to keep an eye on but not yet mission-critical. A new Enterprise AI and SaaS Data Security Report by AI & Browser Security company LayerX proves just… Read More "AI Is Already the #1 Data Exfiltration Channel in the Enterprise"
Oct 07, 2025Ravie LakshmananVulnerability / Cloud Security Redis has disclosed details of a maximum-severity security flaw in its in-memory database software that could result in remote code execution under certain circumstances. The vulnerability, tracked as CVE-2025-49844 (aka RediShell), has been… Read More "CVSS 10.0 Vulnerability Lets Attackers Run Code Remotely"
Oct 07, 2025Ravie LakshmananCyber Attack / Ransomware CrowdStrike on Monday said it’s attributing the exploitation of a recently disclosed security flaw in Oracle E-Business Suite with moderate confidence to a threat actor it tracks as Graceful Spider (aka Cl0p), and… Read More "Oracle EBS Under Fire as Cl0p Exploits CVE-2025-61882 in Real-World Attacks"
Oct 06, 2025Ravie LakshmananMalware / Data Breach Cybersecurity researchers have shed light on a Chinese-speaking cybercrime group codenamed UAT-8099 that has been attributed to search engine optimization (SEO) fraud and theft of high-value credentials, configuration files, and certificate data. The… Read More "Chinese Cybercrime Group Runs Global SEO Fraud Ring Using Compromised IIS Servers"
