These sorts of adversary-in-the-middle attacks have grown increasingly common. In 2022, for instance, a single group used it in a series of attacks that stole more than 10,000 credentials from 137 organizations, and led to the network compromise of authentication provider Twilio, among others. One company that was targeted in the attack campaign but wasn’t … Read more
By Brian HIll A new study by the Ponemon Institute points to a concerning use of AI: deepfake attacks are on the rise and are taking a financial and reputational toll on companies and their executives. Related: Tools to fight deepfakes Deepfake Deception: How AI Harms the Fortunes and Reputations of Executives and Corporations details the … Read more
A vulnerability previously thought to be a low-priority was cast into the spotlight thanks to a newly revealed exploit in the wild.Administrators were advised to test and install Microsoft’s March security fixes to prevent exploitation of the flaw.Researchers with security vendor CheckPoint report finding active exploits in the wild targeting the Microsoft flaw designated as … Read more
Palo Alto, Calif, Apr. 16, 2025, CyberNewswire — SquareX researchers Jeswin Mathai and Audrey Adeline will be disclosing a new class of data exfiltration techniques at BSides San Francisco 2025. Titled “Data Splicing Attacks: Breaking Enterprise DLP from the Inside Out”, the talk will demonstrate multiple data splicing techniques that will allow attackers to exfiltrate any … Read more
Apr 07, 2025Ravie LakshmananCloud Security / Cryptocurrency A malicious campaign dubbed PoisonSeed is leveraging compromised credentials associated with customer relationship management (CRM) tools and bulk email providers to send spam messages containing cryptocurrency seed phrases in an attempt to drain victims’ digital wallets. “Recipients of the bulk spam are targeted with a cryptocurrency seed phrase … Read more