SecurityWeek

Other noteworthy stories that might have slipped under the radar: OFAC hits Iranian central bank crypto reserves, ADT data leak, CISA guidance for zero trust in OT.

The maximum reward for a zero-click Pixel Titan M exploit with persistence has increased to $1.5 million.

Ryan Goldberg of Georgia and Kevin Martin of Texas were each sentenced to four years in prison. 

The stealthy Python-based backdoor framework deploys a persistent Windows implant likely designed for espionage.

The new kit aims to address risks related to poisoned models, regulatory issues, supply chain integrity, and incident response.

Threat actors are relying on social engineering to lure users into downloading files containing malicious instructions.

A new alert from the FBI says criminal enterprises are hacking both brokers and carriers to steal cargo for resale.

The compromised Lightning and Intercom packages have a combined monthly download count of nearly 10 million.

With Mythos signaling a new era of near-instant exploitation, Anthropic positions Claude Security to help defenders keep pace.

Industrialized cybercrime delivers attacks with greater scale, speed and success. Defenders must match this with use of AI and automation.

The bugs could be exploited to bypass security controls, access restricted services, and crash firewalls.

The Mini Shai-Hulud attack introduced a preinstall hook to fetch and execute a Bun binary and bypass security monitoring.

An attacker could have planted a malicious configuration to execute commands outside the sandbox.

Claroty researchers discovered two vulnerabilities that can be exploited for security bypass and remote code execution.

The authentication bypass flaw allows attackers to gain administrative access to vulnerable servers.