Rashmi Ramesh reports: A well-phrased email was all an attacker would have needed to trick Microsoft Copilot into handing over sensitive data until the operating system giant patched the vulnerability. The vulnerability in Microsoft 365 Copilot allowed attackers to extract sensitive data through a zero-click prompt injection attack, said researchers from Aim Security. Dubbed “EchoLeak” and tracked…
Alexander Castro reports: A cybercriminal group breached the state’s public benefits portal last July, lingered inside the network’s backend for five months, and triggered hundreds of firewall alerts when it transferred gigabytes of Rhode Islanders’ data to its own servers in November. But RIBridges system vendor and manager Deloitte, a multinational firm valued at $67.2 billion last…
Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that’s capable of harvesting sensitive developer-related information, such as credentials, configuration data, and environment variables, among others. The package, named chimera-sandbox-extensions, attracted 143 downloads and likely targets users of a service called Chimera Sandbox,
Cybersecurity researchers have disclosed a malicious package uploaded to the Python Package Index (PyPI) repository that’s designed to reroute trading orders placed on the MEXC cryptocurrency exchange to a malicious server and steal tokens. The package, ccxt-mexc-futures, purports to be an extension built on top of a popular Python library named ccxt (short for CryptoCurrency…
Trader Edge reports: A Russian-Israeli citizen allegedly involved in the $190 million Nomad bridge hack from 2022 has been arrested in Israel and faces extradition to the United States. Alexander Gurevich was apprehended at Ben-Gurion Airport on May 1 while attempting to board a flight to Russia. Gurevich is accused of being the first to…
Cybersecurity researchers have disclosed a critical unpatched security flaw impacting TI WooCommerce Wishlist plugin for WordPress that could be exploited by unauthenticated attackers to upload arbitrary files. TI WooCommerce Wishlist, which has over 100,000 active installations, is a tool to allow e-commerce site customers to save their favorite products for later and share the lists…
Daryna Antoniuk reports: A Russian court sentenced a former hospital programmer to 14 years in a high-security penal colony for allegedly leaking personal data of Russian soldiers to Ukraine, authorities said. The court in the Russian Irkutsk region found 37-year-old Alexander Levchishin guilty of treason after he copied electronic medical records of Russian military personnel from…
