Cyber News & Articles

Chinese companies linked to the state-sponsored hacking group known as Silk Typhoon (aka Hafnium) have been identified as behind over a dozen technology patents, shedding light on the shadowy cyber contracting ecosystem and its offensive capabilities.
The patents cover forensics and intrusion tools that enable encrypted endpoint data collection, Apple device forensics, and remote access to

In this article, we will provide a brief overview of Pillar Security’s platform to better understand how they are tackling AI security challenges.
Pillar Security is building a platform to cover the entire software development and deployment lifecycle with the goal of providing trust in AI systems. Using its holistic approach, the platform introduces new ways of detecting AI threats, beginning

Apple on Tuesday released security updates for its entire software portfolio, including a fix for a vulnerability that Google said was exploited as a zero-day in the Chrome web browser earlier this month.
The vulnerability, tracked as CVE-2025-6558 (CVSS score: 8.8), is an incorrect validation of untrusted input in the browser’s ANGLE and GPU components that could result in a sandbox escape via

Google has announced that it’s making a security feature called Device Bound Session Credentials (DBSC) in open beta to ensure that users are safeguarded against session cookie theft attacks.
DBSC, first introduced as a prototype in April 2024, is designed to bind authentication sessions to a device so as to prevent threat actors from using stolen cookies to sign-in to victims’ accounts and gain

Threat actors have been observed exploiting a now-patched critical SAP NetWeaver flaw to deliver the Auto-Color backdoor in an attack targeting a U.S.-based chemicals company in April 2025.
“Over the course of three days, a threat actor gained access to the customer’s network, attempted to download several suspicious files and communicated with malicious infrastructure linked to Auto-Color

Google Cloud’s Mandiant Consulting has revealed that it has witnessed a drop in activity from the notorious Scattered Spider group, but emphasized the need for organizations to take advantage of the lull to shore up their defenses.
“Since the recent arrests tied to the alleged Scattered Spider (UNC3944) members in the U.K., Mandiant Consulting hasn’t observed any new intrusions directly

Cybersecurity researchers have disclosed a now-patched critical security flaw in a popular vibe coding platform called Base44 that could allow unauthorized access to private applications built by its users.
“The vulnerability we discovered was remarkably simple to exploit — by providing only a non-secret app_id value to undocumented registration and email verification endpoints, an attacker

The maintainers of the Python Package Index (PyPI) repository have issued a warning about an ongoing phishing attack that’s targeting users in an attempt to redirect them to fake PyPI sites.
The attack involves sending email messages bearing the subject line “[PyPI] Email verification” that are sent from the email address noreply@pypj[.]org (note that the domain is not “pypi[.]org”).
“This is

In episode 61 of The AI Fix, a robot called DeREK goes bananas, OpenAI, Google DeepMind, and Anthropic warn we may lose the ability to see what AI is thinking, a dextrous robot changes its own batteries, the USA unveils its AI action plan, and a human beats AI to win the World Coding Championship.

Also in this week’s episode, Graham reveals why you should never ask a vibe coding app to “clean up” your project, and Mark explains why it was handbags at dawn at the International Mathematical Olympiad.

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

Over 200,000 websites running a vulnerable version of a popular WordPress plugin could be at risk of being hijacked by hackers.

Read more in my article on the Hot for Security blog.