WordPress malware campaign hides payloads in Steam profiles

Nearly 2,000 WordPress websites were infected with malware that relies on Steam Community profile comments to hide command-and-control (C2) data.
Tech Times

SVG Phishing Emails Bypass Email Security: SANS Flags New MIME-Type Evasion

SVG phishing email attacks are bypassing enterprise email security gateways by hiding JavaScript inside image files and ...

KnowledgeDeliver flaw exploited as a zero-day to install web shells

Hackers exploited a critical zero-day vulnerability in a server running the KnowledgeDeliver learning management system (LMS) to deploy the Godzilla web shell.
Cloud Security Alliance

Securing AI Workloads in AWS: Why Bedrock and SageMaker Need Runtime Detection and AI-Powered Response

Attackers use AI to target Bedrock and SageMaker; learn why posture alone fails and how runtime detection and AI-powered ...