Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Latest News

UK Post Office Awards £410 Million Contracts to Replace Horizon System After Long-Running Scandal

  Now beginning its largest tech overhaul yet, the UK Post Office handed out £410 million in contracts to Accenture and OneView Commerce. Th...

All the recent news you need to know
TanStack
Cyber Attacks GitHub Report Breach Supply Chain Attack TanStack

GitHub Repo Breach Traced to TanStack NPM Supply-Chain Attack

 

GitHub has confirmed that a breach of its internal repositories is directly linked to the TanStack npm supply-chain attack, demonstrating how a single compromised developer tool can cascade into a major security incident. The company stated that the intrusion began when an employee installed a malicious version of the Nx Console Visual Studio Code extension, which had been poisoned during the wider TanStack compromise. This attack chain allowed threat actors to gain initial access to GitHub's internal infrastructure, ultimately exposing approximately 3,800 internal repositories to unauthorized access. 

The original TanStack attack occurred on May 11, 2026, when the TeamPCP threat group compromised 42 npm packages and published 84 malicious versions in just six minutes. The attackers exploited a sophisticated combination of GitHub Actions vulnerabilities, including a "Pwn Request" attack using pull_request_target abuse, cache poisoning across fork-to-base trust boundaries, and OIDC token extraction from runner memory. This technique produced the first npm supply-chain attack with valid SLSA Build Level 3 attestations, making the malicious packages appear completely legitimate to security scanners and developers. 

The malicious Nx Console extension version 18.95.0 was available on the Visual Studio Marketplace for approximately 18 minutes and on OpenVSX for another 36 minutes before being removed. Despite the short window, the poisoned extension deployed a payload designed to steal credentials and secrets from developer environments, targeting npm, AWS, Kubernetes, GitHub, GCP, and Docker platforms. The Nx development team confirmed that one of their developers was compromised through the TanStack supply-chain leak, which exposed GitHub credentials through the GitHub CLI, allowing attackers to run workflows on their repository as a contributor. 

GitHub's Chief Information Security Officer Alexis Wales confirmed that the company secured the compromised device and rotated critical secrets, prioritizing the highest-impact credentials first. While GitHub has not officially attributed the attack to a specific group, TeamPCP claimed access to GitHub source code and approximately 4,000 repositories of private code on the Breached forum, demanding at least $50,000 for the stolen data. The incident also affected other organizations, including UiPath, Guardrails AI, OpenSearch, and Grafana Labs, which confirmed its GitHub environment breach originated from the same TanStack attack. 

This incident highlights the severe risks of modern software supply chains, where one compromised dependency can ripple across thousands of developers and organizations faster than security teams can respond. The attack demonstrates that even organizations with strong security practices, including two-factor authentication, remain vulnerable to sophisticated supply-chain attacks that exploit trust relationships between packages, build tools, and automated workflows. Developers and security teams must now prioritize hardening CI/CD pipelines,Token rotation, extension verification, and continuous monitoring of package updates as potential attack vectors.
Read more »
Ukraine cyber police
browser session theft Cybercrime Investigation Infostealer malware stolen credentials Telegram cybercrime Ukraine cyber police

Ukrainian Cyber Police Uncover Alleged Infostealer Operation Linked to 18-Year-Old Suspect

 


Ukrainian cyber police, in collaboration with U.S. law enforcement agencies, have identified an 18-year-old resident of Odesa who is suspected of operating an infostealer malware campaign that targeted customers of a California-based online retailer.

Authorities allege that between 2024 and 2025, the suspect used information-stealing malware to compromise users’ devices and obtain browser session data along with account login credentials.

Infostealers are a widely used form of malicious software designed to collect sensitive information from infected systems. The stolen data can include passwords, browser cookies, session tokens, cryptocurrency wallet details, and payment information, which are often exploited for fraud, account takeovers, and illicit resale.

Investigators reported that the operation affected approximately 28,000 customer accounts. Cybercriminals allegedly exploited around 5,800 of those accounts to make unauthorized purchases worth nearly $721,000. The attacks also resulted in direct financial losses of about $250,000, including chargeback-related expenses.

“To carry out the criminal scheme, the attackers used 'infostealer' malware that secretly infected users’ devices, collected login credentials, and transmitted them to servers controlled by the attackers,” the police says.

“The information was then processed and sold through specialized online resources and Telegram bots.”

According to law enforcement officials, the suspect also conducted cryptocurrency transactions with accomplices involved in the scheme.

The session information referenced by investigators reportedly included session tokens, which can allow unauthorized access to online accounts without requiring passwords. In certain situations, these tokens may even enable attackers to bypass multi-factor authentication (MFA) protections.

Police believe the 18-year-old played a key role in the operation by managing the infrastructure used to process, distribute, and exploit stolen session data.

During the investigation, officers carried out searches at two residences connected to the suspect. Authorities seized mobile phones, computer hardware, bank cards, digital storage devices, and additional electronic evidence believed to be linked to the cybercrime activity.

Investigators stated that the evidence includes access to platforms used for selling stolen information, tools for managing compromised accounts, server activity records, and accounts on cryptocurrency exchange services.

While authorities have identified the suspect and collected significant evidence, the official announcement does not indicate that an arrest has been made. This suggests investigators may still be gathering additional information before filing formal charges.

Read more »
WordPress Security
Admin Account Compromise Cyber Threats Data Breach Payment Card Skimmer Plugin Vulnerability Supply Chain Attack Website Takeover WooCommerce Security WordPress Security

WordPress Plugin Security Failure Opens Door to Payment Data Theft


 

Cybercriminals have been actively exploiting a critical flaw in the widely deployed Funnel Builder plugin in order to harvest customer payment information during online transactions in a newly uncovered attack campaign, once again highlighting the security risks that face the WordPress e-commerce ecosystem. 

According to security researchers, attackers are exploiting this vulnerability to silently inject malicious code into WooCommerce checkout pages, transforming legitimate payment workflows into points of data collection that are used to steal payment card information. 

Approximately 40,000 websites are reported to have been infected with the plugin, posing a serious threat to online retailers as the vulnerability exposes sensitive customer data, including payment card information, CVV number, billing information, and other personal identifiers, to unauthorized access. Linked to the discovery was an extensive security incident affecting the WordPress ecosystem, in which researchers discovered malicious code embedded within several widely used plugins, allowing attackers to gain access to vulnerable sites at an administrator level. 

The full scope of the attack is still being investigated, but early indications indicate that a number of plugins with significant installations may have been affected, thereby expanding the attack surface substantially. 

A threat actor may be able to bypass conventional authentication controls by create privileged accounts covertly and gain persistence over website environments. This allows them to manipulate content, exfiltrate sensitive business and customer data, deploy additional malware payloads, or take full control of the affected platform by manipulating site content. It is important to understand how a single compromised plugin component can quickly become a source of global supply chain security concerns, presenting a heightened risk to both website operators and their users. 

Based on further analysis, it was found that the vulnerability emerged from an unauthenticated flaw in Funnel Builder versions before 3.15.0.3, which enabled attackers to manipulate key plugin settings without requiring valid credentials.

More than 40,000 WordPress websites are hosting the plugin, which is widely used by WooCommerce merchants to create customized checkout experiences, landing pages, and sales funnels focused on conversions, amplifying the impact of exploitation. According to Sansec researchers, the malicious activity was associated with a deceptive JavaScript payload disguised as Google Analytics or Google Tag Manager components. 

A WebSocket connection is established between the script and the attacker-controlled infrastructure, and the script abuses a vulnerable checkout endpoint to inject arbitrary code into the plugin's External Scripts configuration. 

By loading malicious JavaScript automatically during checkout pages, a tailored payment skimmer silently captures the customer's credit card numbers, CVV codes, billing details, and other information provided by the customer. It is common for stolen payment data to be monetized through fraudulent purchases or traded on underground carding markets.

FunnelKit has addressed the issue by releasing version 3.15.0.3, and acknowledges unauthorized script injection activity has been reported. The security update must be deployed immediately, but administrators should also inspect checkout-related script configurations for unauthorized entries that may have been introduced prior to the security update implementation. 

A review of software supply chain security within the WordPress ecosystem has also been initiated following the incident. Investigations are underway to determine whether the compromise resulted from vulnerabilities within plugin development workflows, third-party dependencies, or supporting infrastructure utilized during software development. 

The threat actors are increasingly targeting the development environment and shared code libraries, since a successful intrusion can propagate malicious functionality across a wide range of downstream deployments. There are indications that the injected code in this case is intended to circumvent standard authentication controls in order to establish privileged access to the account, perhaps by manipulating back end data structures or abusing application logic responsible for account provisioning.

After gaining access to the administrator-level accounts, attackers have broad control over the affected environment, allowing them to deface the website, steal customer records, and deploy additional malware, as well as maintain persistent access to the environment. As a consequence of the compromise, there are also opportunities for secondary abuse, including the insertion of phishing content, malicious redirects, and SEO spam intended to manipulate search engine rankings without being noticed by site operators. 

Aside from the immediate technical impact, organizations may be liable for considerable recovery costs, regulatory obligations relating to data exposure, incident response expenses, and long-term reputational damage, particularly if customer trust and online transactions form an integral part of their business model. WordPress plugin compromises serve as a reminder that cyber threats are increasingly targeting trusted components that support digital businesses rather than the businesses themselves. 

A number of websites can become entry points for large-scale abuse as attackers continue weaponizing software dependencies, plugin ecosystems, and checkout infrastructure. Organizations which rely on WordPress and WooCommerce require security management that transcends patching vulnerabilities as soon as they are discovered; it is imperative to continuously monitor third-party components, implement strict access controls, detect proactive threats, and regularly review the integrity of the website.

Keeping visibility across the entire application supply chain remains one of the most effective ways to combat emerging threats, particularly in an environment where a single compromised plugin may compromise sensitive customer information.
Read more »
zealot
Artificial Intelligence Authentication ChatGPT Cisco Security Cyber Security GitHub Phishing zealot

Researchers Show How ChatGPT Summaries Could Be Used for Phishing Attacks

 


Researchers have identified a technique that could allow malicious content embedded within a web page to appear inside ChatGPT responses, creating an opportunity for phishing, tracking, and social-engineering attacks through a platform users generally regard as trustworthy.

The attack method, named "ChatGPhish" by cybersecurity firm Permiso Security, focuses on how ChatGPT handles Markdown-formatted content when summarizing information from external websites. Markdown is a commonly used formatting language that allows web content to include elements such as hyperlinks and images.

According to Permiso Security researcher Andi Ahmeti, ChatGPT's web interface trusts Markdown links and image URLs originating from third-party pages that users ask the assistant to summarize. When a response is generated, the platform can automatically retrieve those images and present hyperlinks as active, clickable elements within the chatbot's interface.

In a scenario outlined by the researchers, an attacker could place a small hidden payload within a web page. If a user later asks ChatGPT to summarize that page, the embedded content may become part of the model's processing context. During response rendering, attacker-controlled images could be automatically requested, potentially exposing information such as the visitor's IP address, browser User-Agent string, and Referer data.

The researchers also found that links embedded in a manipulated page could appear as legitimate clickable items inside the AI-generated summary. Beyond directing users to phishing destinations, attackers could display fabricated security notifications, account-warning messages designed to imitate system alerts, or QR codes hosted on attacker-controlled infrastructure such as an Amazon S3 bucket. A victim scanning such a code with a mobile device could be redirected to a malicious destination, bypassing certain desktop-based URL filtering mechanisms and enterprise security controls.

The research adds to a growing body of evidence showing that AI-powered summarization tools can become unintended delivery channels for attacker instructions. Earlier this year, Permiso Security disclosed a separate attack involving Microsoft Copilot, where specially crafted instructions hidden inside an email influenced the output generated by the AI assistant. That technique was classified as a cross-prompt injection attack, also known as indirect prompt injection.

According to the researchers, the primary issue is not simply that prompt injection is possible. The more significant concern is how the manipulated content is ultimately presented to the user. A standard web page summarized by ChatGPT can cause phishing links, deceptive warnings, QR codes, and remotely hosted content to be displayed directly inside the assistant's interface, giving attacker-controlled material an appearance of legitimacy.

As AI assistants become common tools for workplace research, document review, and information gathering, this behavior introduces a new risk. Any web page processed by an employee could potentially contain hidden instructions or malicious content capable of influencing both the generated summary and the way that information is displayed.

Permiso Security noted that this shifts phishing activity beyond traditional delivery methods. Users no longer need to open a suspicious attachment or interact with an obviously fraudulent email. In some cases, simply asking an AI assistant to summarize a webpage may expose them to attacker-controlled content.

The disclosure arrives alongside research from Adversa AI detailing two attack techniques aimed at AI coding assistants and agentic development tools. The first, known as SymJack, allows a malicious code repository to achieve remote code execution through an AI-powered coding assistant.

According to Adversa AI researcher Rony Utevsky, the attack relies on convincing the AI assistant to perform what appears to be a harmless file-copy operation. The destination, however, is a symbolic link pointing to the assistant's own configuration file. As a result, attacker-controlled content is written into the configuration. When the assistant is restarted, a malicious Model Context Protocol (MCP) server is launched and executes arbitrary code using the victim's privileges.

The second technique, called TrustFall, uses a repository containing a malicious MCP server together with configuration settings that automatically approve its execution. A developer only needs to clone or open the repository in an AI coding environment and accept a folder-trust prompt. Once that action is taken, the attacker-controlled MCP server can start automatically without requiring additional tool approval, running with the same operating-system permissions as the developer.

Adversa AI explained that a victim who clones the repository, launches Claude, and accepts the generic trust prompt effectively allows the malicious MCP server to start as a native process on the machine. The payload executes immediately when the server starts, before additional prompts or tool requests occur.

The ChatGPhish findings emerge amid a steady stream of research examining weaknesses in modern AI systems, coding agents, and autonomous workflows.

Researchers recently described a jailbreak method called Involuntary In-Context Learning (IICL), which exploits the tension between a model's contextual learning behavior and its safety mechanisms to bypass protections in GPT-5.4.

Separate research from Cisco found that many AI security evaluations fail to reflect how real-world attackers operate. Rather than relying on a single prompt, attackers often use multiple interactions, gradually changing their wording, adopting different personas, and breaking objectives into smaller steps. Cisco argued that single-turn testing overlooks these techniques because real attacks frequently unfold across extended conversations.

Additional research has uncovered a vulnerability affecting Anthropic Claude Code in which a user-level configuration file, "~/.claude.json," can be altered through a rogue npm package. The attack enables modification of MCP endpoints and can place an attacker between Claude Code and an OAuth-protected MCP server, creating an opportunity to capture authentication tokens used to access downstream software-as-a-service platforms.

Researchers have also documented a technique involving OpenClaw skills that appear harmless during installation but later retrieve remote updates. In one scenario, attackers can influence an AI agent through workspace files after instructing users to append specific content to a file called HEARTBEAT.md during setup.

Another study demonstrated how hidden text embedded inside phishing emails can manipulate AI-based email security products. Attackers concealed text taken from legitimate newsletters and romance novels to make malicious messages appear benign to automated filtering systems.

LayerX researchers separately disclosed a flaw known as ClaudeBleed affecting Claude's Chrome extension. According to the company, any browser extension, including one without elevated permissions, could communicate with Claude's language model through the extension's content script because the code does not adequately verify the source of incoming instructions. This could allow another extension to issue commands and trigger actions through the AI assistant.

Cisco researchers also examined typographic prompt injection attacks against vision-language models. In these attacks, adversarial text is embedded inside images. The manipulated image may appear unreadable or resemble visual noise to humans and OCR-based filters while remaining interpretable to the target AI model.

Other recently disclosed vulnerabilities include flaws in Microsoft Semantic Kernel, tracked as CVE-2026-25592 and CVE-2026-26030, which researchers said could allow prompt-injection attacks to progress into host-level remote code execution.

Researchers additionally described the Neural Exec attack and abuse of the Unicode right-to-left-override function to bypass safety mechanisms protecting Apple's local AI models. The issue has since been addressed in iOS 26.4 and macOS 26.4.

A separate indirect prompt-injection vulnerability known as WebPromptTrap affected BrowserOS, an open-source agentic browser. The technique relied on hidden instructions embedded in an otherwise legitimate article to influence an AI-generated summary and persuade users to approve an authorization request. The issue was patched in BrowserOS version 0.32.0.

Research into the broader AI-agent ecosystem has uncovered persistent security weaknesses. An audit covering 3,984 skills published through ClawHub and skills.sh found that 534 skills, representing 13.4% of the total, contained at least one critical security issue. Researchers also identified 1,467 skills with broader weaknesses, including malware distribution risks, prompt-injection opportunities, exposed secrets, hard-coded API credentials, insecure handling of authentication data, and unsafe exposure to third-party content.

Additional studies identified attacks against NemoClaw, NVIDIA's reference framework for securing OpenClaw agents. Researchers demonstrated methods for extracting OpenClaw data through the platform's default sandbox configuration using either a malicious GitHub repository or a compromised npm package.

Security researchers are increasingly examining how advances in AI capability could affect offensive cyber operations. According to researchers at Palo Alto Networks Unit 42, more capable AI models could allow attackers to exploit both newly discovered and previously known vulnerabilities at a scale, speed, and level of automation that has traditionally required specialized expertise.

Last month, Unit 42 presented a proof-of-concept AI agent called Zealot that was capable of carrying out cloud attack operations with limited human involvement. The system chained together reconnaissance, exploitation, privilege escalation, and data-exfiltration activities by leveraging known weaknesses and misconfigurations.

Researchers argue that cloud environments are particularly susceptible to this type of automation because most administrative functions are accessible through APIs, multiple discovery mechanisms exist for identifying resources, configuration errors remain common, and access control often depends heavily on credentials.

According to Unit 42 researchers Yahav Festinger and Chen Doytshman, current large language models are already capable of coordinating reconnaissance, exploitation, privilege escalation, and data theft activities with relatively little human guidance. The techniques themselves are not necessarily new. What is changing is the speed and scale at which those established attack patterns can now be executed through AI-assisted automation.

Read more »
Technology
AI Threat Bug Bounty Fake Report Generative AI Technology

AI Is Ruining Bug Bounty Programs with Flood of Fake Reports

 

For years, tech giants like Google, OpenAI, and T-Mobile have relied on bug bounty programs as a cornerstone of their cybersecurity strategy. These programs pay independent hackers millions of dollars annually to find and report software flaws before cybercriminals exploit them. The model proved highly effective, with Google alone distributing $10 million to 632 researchers in 2023 alone. However, this once-reliable security ecosystem is now facing a massive crisis due to the rapid advancement of generative AI. 

Generative AI tools are flooding bug bounty platforms with a relentless wave of automated, low-quality, and completely fake vulnerability reports. According to The Financial Times, the problem isn't the volume of submissions but their terrible quality. Bugcrowd, a major platform serving clients like OpenAI, T-Mobile, and Motorola, reported that bug submissions more than quadrupled over just a three-week period in March 2026, with the vast majority proving completely false. Similarly, HackerOne, which serves Google and the US Department of Defense, saw submissions jump 76% in the year leading up to March. 

The surge in fake reports is driven by three distinct groups. First, amateurs use AI chatbots to fabricate reports for flaws that don't actually exist. Second, misled professionals trust flawed data handed to them by AI assistants, unknowingly submitting erroneous reports. Third, automated spammers have created end-to-end scanning systems that mass-produce and submit fake bug reports at scale. This flood of AI-generated "slop" is forcing tech companies to spend hours debunking hallucinated computer code instead of addressing real vulnerabilities.

The consequences are severe. Some organizations have been forced to shut down their payout programs entirely due to the overwhelming volume of fraudulent submissions. Curl, a widely used internet data transfer tool, suspended its paid bug bounty program in January 2026, citing an "explosion in AI slop reports" and a dramatic decline in submission quality. Cybersecurity firms are now implementing stricter validation processes, but the arms race between AI-generated fraud and human verification continues escalating. 

This crisis threatens to undermine a critical pillar of modern cybersecurity. While AI has enabled researchers to identify genuine vulnerabilities more quickly, it has also lowered barriers to entry so dramatically that the system is becoming unusable. Experts warn that without significant reforms to screening processes and validation mechanisms, bug bounty programs could collapse entirely, leaving tech companies more vulnerable to actual cyberattacks than ever before. The future of this billion-dollar security model depends on finding ways to distinguish human insight from AI hallucination.
Read more »
vulnerabilities
Attack Vectors Cyber Attacks Security risk Software vulnerabilities

Enterprise Cyberattacks Accelerate as AI Speeds Threats but Human Errors Remain the Biggest Security Risk

 

Cyberattacks are hitting businesses more often, fueled by automation and AI that accelerate the exploitation of vulnerabilities. Yet despite increasingly sophisticated techniques, experts say human mistakes, weak passwords, and poor access controls remain the biggest causes of successful breaches. While threats continue to evolve, people are still the weakest link in cybersecurity. 

A recent report from Mandiant highlights how cybercriminal groups now operate through specialized teams. One group focuses on gaining access through phishing emails, malicious ads, or fake software updates, while another takes over to move through networks, steal data, or deploy ransomware. Attackers are also moving much faster. The average handoff time between criminal groups fell from more than eight hours in 2022 to just 22 seconds in 2025. 

Vulnerabilities are increasingly exploited within days of disclosure, leaving organizations little time to patch systems before attacks begin. Cyber threats generally fall into two categories: financially motivated criminals seeking ransom payments or stolen data, and espionage-focused actors aiming for long-term, hidden access. While most intrusions are detected within about two weeks, cyber-espionage campaigns often remain unnoticed for more than three months. 

Software vulnerabilities remain the leading attack vector, with technology and financial firms among the most targeted sectors. Researchers also observed a rise in voice-based social engineering, where attackers impersonate employees and contact IT help desks to bypass multi-factor authentication protections. Artificial intelligence is increasingly being used by threat actors for reconnaissance, phishing, and malware development. Some malicious tools even search compromised systems for AI-related credentials and resources. 

However, researchers stress that AI is rarely the direct cause of breaches. Most incidents still stem from human error, weak security practices, misconfigurations, and excessive permissions. Ransomware attacks are evolving as well. Instead of only encrypting files, attackers now target backup systems, virtualization platforms, and recovery tools. By disabling recovery options, they increase pressure on victims to pay ransom demands. There are positive signs for defenders. 

More organizations are detecting attacks internally through improved visibility, monitoring, and threat detection capabilities. Earlier discovery allows security teams to respond faster and reduce potential damage. Experts recommend stronger identity protection, continuous access verification, isolated backup environments, centralized login management, and behavior-based monitoring systems. 

As cyber threats continue to accelerate, many security professionals believe identity security has become the new perimeter, making proactive defense more important than ever.
Read more »
Subscribe to: Posts (Atom)

Featured