How recruitment fraud turned cloud IAM into a $2 billion attack surface

Adversaries weaponized recruitment fraud to steal cloud credentials, pivot through IAM misconfigurations, and reach AI ...

OpenAI’s new model leaps ahead in coding capabilities—but raises unprecedented cybersecurity risks

Why OpenAI’s latest coding breakthrough is forcing the company to rethink how—and how fast—it can deploy its most powerful ...
Microsoft

New Clickfix variant ‘CrashFix’ deploying Python Remote Access Trojan

CrashFix crashes browsers to coerce users into executing commands that deploy a Python RAT, abusing finger.exe and portable ...
Axios on MSN

Anthropic's newest AI model uncovered 500 zero-day software flaws in testing

Anthropic's latest AI model has found more than 500 previously unknown high-severity security flaws in open-source libraries ...
The Hacker News

ThreatsDay Bulletin: Codespaces RCE, AsyncRAT C2, BYOVD Abuse, AI Cloud Intrusions & 15+ Stories

Key cyber updates on ransomware, cloud intrusions, phishing, botnets, supply-chain risks, and nation-state threat activity.

New Research from UpGuard: 1 in 5 Developers Grant AI Vibe Coding Tools Unrestricted Workstation Access

In using AI to improve efficiency, developers are granting extensive permissions to download content from the web, and read, write, and delete files on their machines without requiring developer ...
The Hacker News

Malicious NGINX Configurations Enable Large-Scale Web Traffic Hijacking Campaign

Active React2Shell exploitation uses malicious NGINX configurations to hijack web traffic, targeting Baota panels, Asian TLDs, and government domains.