Hackers exploit critical auth bypass in Gitea Docker image
Hackers are actively exploiting a critical vulnerability in the official Docker image for the Gitea self-hosted Git service that allows attackers to impersonate any user, including administrators.
Money launderer accused of stealing seized crypto while in prison
A Bulgarian national has been charged with stealing $290,000 in government-seized cryptocurrency while serving 121 months in prison for helping launder millions stolen from American fraud victims.
The Replicant in Your Directory: AI Agents and the Identity Security Gap
AI agents are accelerating the growth of non-human identities, making it harder for organizations to understand what exists, who owns it, and what it can access. Netwrix explains why stronger visibility and identity governance are essential...
Zimbra urges customers to patch critical web client XSS flaw
The Zimbra security team urged customers to patch a critical vulnerability affecting the Classic Web Client used to access the Zimbra Collaboration suite.
Former ransomware negotiator gets 4 years for BlackCat attacks
A former employee of cybersecurity incident response company DigitalMint was sentenced to 70 months in prison for targeting U.S. companies in BlackCat (ALPHV) ransomware attacks.
OpenMandriva Linux says contributor tried to sabotage the project
The OpenMandriva Linux project announced that it was the target of an attempted act of internal sabotage after a dispute among contributors.
Injective SDK on npm infected with cryptocurrency wallet stealer
Hackers compromised the Injective Labs SDK project's GitHub repository and used it to publish a malicious package on the Node Package Manager (npm) that stole cryptocurrency wallet private keys and mnemonic seed phrases.
New Helix vishing group emerges in SharePoint data theft attacks
A new data-extortion group called Helix is using identity-focused tactics such as voice phishing (vishing), device code phishing, and multi-factor authentication (MFA) abuse to steal data from SharePoint environments.
Microsoft expects more Windows security updates from AI-discovered flaws
Microsoft says Windows users should expect to see an increase in security updates as the company increasingly relies on artificial intelligence to discover vulnerabilities in its codebase.
New Forg365 phishing platform uses AI to target Microsoft 365 accounts
A new phishing-as-a-service (PhaaS) operation called Forg365 focuses on stealing Microsoft 365 accounts by combining adversary-in-the-middle (AiTM) and device code methods with AI-assisted lure generation.
15 loaded