Dark Reading

APT41 Delivers 'Zero-Detection' Backdoor to Harvest Cloud Credentials

The China-backed threat group is targeting AWS, Google, Azure, and Alibaba cloud environments and using typosquatting to ...
CNET

The Feds Took Down a 'Full-Service Cybercrime Platform' Behind $20M in Phishing

The W3LL phishing kit helped criminals steal tens of thousands of account credentials, primarily targeting Microsoft 365 ...
InfoWorld

Critical flaw in Marimo Python notebook exploited within 10 hours of disclosure

The CVSS‑9.3 vulnerability allows unauthenticated remote code execution on exposed Marimo servers and was exploited in the wild shortly after disclosure, Sysdig says.

Researchers discover malicious AI agent routers that can steal crypto

Some AI API routers can steal crypto private keys and inject malicious code, researchers warned in a new security study.

The silent “Storm”: New infostealer hijacks sessions, decrypts server-side

New "Storm" infostealer skips local decryption, sending browser data to attacker servers. Varonis shows how server-side decryption enables session hijacking, bypassing passwords and MFA.
CyberGuy

Why your home Wi-Fi needs more than just a strong password

A strong Wi-Fi password is not enough. Learn who can still see your data and how a VPN helps protect your privacy at home ...