Google report: AI is accelerating cloud cyberattacks, and one weak link stands out

Google's latest threat report warns that third-party tools are now prime targets for attackers - and businesses have only days to prepare defenses.
CSOonline

Overly permissive ‘guest’ settings put Salesforce customers at risk

Salesforce warns that a threat campaign is exploiting overly permissive Experience Cloud guest configurations to harvest data from public portals. Salesforce is urging its customers to review their ...
eWeek

OpenAI Acquires Cybersecurity Startup Promptfoo to Strengthen AI Agent Security

OpenAI is acquiring Promptfoo to strengthen AI agent security, adding enterprise testing tools for jailbreaks, prompt injections, data leaks, and governance.
Dark Reading

Chinese Cyber Threat Lurks In Critical Asian Sectors for Years

An undefined Chinese-speaking actor wields a combo of custom malware, open source tools, and LOTL binaries against Windows ...
The Hacker News

Multi-Stage VOID#GEIST Malware Delivering XWorm, AsyncRAT, and Xeno RAT

VOID#GEIST malware campaign delivers XWorm, AsyncRAT, and Xeno RAT using batch scripts, Python loaders, and explorer.exe ...
Dark Reading

Cyberattack on Mexico's Gov't Agencies Highlight AI Threat

Using Anthropic and OpenAI's AI systems — and a detailed playbook prompt — cyberattackers gained access to Mexico's agencies ...
The Hacker News

Iran-Linked MuddyWater Hackers Target U.S. Networks With New Dindoor Backdoor

Iran-linked MuddyWater hackers breached U.S. networks with new Dindoor malware as regional cyber attacks escalate amid Middle East conflict.

Iran intelligence backdoored US bank, airport, software outfit networks

The FBI, US Cybersecurity and Infrastructure Security Agency (CISA), and UK National Cyber Security Centre (NCSC) say ...
GovInfoSecurity

Nation-State Hackers Play the Vibes

All the nation-state hackers are vibe coding. Vibeware won't win any coding awards. It's not pretty. It doesn't target any ...