News

Qilin affiliates spear-phish MSP ScreenConnect admin, targeting customers downstream

Bys s April 1, 2025

Attack matches three-year long pattern of ScreenConnect attacks tracked by Sophos MDR as STAC4365.

News

RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN
Bys s February 24, 2026

A vulnerability in GitHub Codespaces could have been exploited by bad actors to seize control of repositories by injecting malicious Copilot instructions in a GitHub issue. The artificial intelligence (AI)-driven vulnerability has been codenamed RoguePilot by Orca Security. It has since been patched by Microsoft following responsible disclosure. “Attackers can craft hidden instructions inside a

Read More RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN
News

JPMorgan Claims Ex-Advisor In Fla. Stole Trade Secrets To Poach Clients For LPL
Bys s January 15, 2026

Jacqueline Sergeant reports: JPMorgan is seeking a temporary restraining order and injunctive relief in federal court against a former advisor, alleging he stole confidential information and is using it to solicit the firm’s clients to join him at his new affiliate, LPL Financial. In its complaint, filed yesterday in the U.S. District Court for the……

Read More JPMorgan Claims Ex-Advisor In Fla. Stole Trade Secrets To Poach Clients For LPL
News

Russian Cyberspies Caught Spear-Phishing with QR Codes, WhatsApp Groups
Bys s January 16, 2025

Microsoft researchers catches Russia’s Star Blizzard hackers spear-phishing with QR codes and WhatsApp group chats. The post Russian Cyberspies Caught Spear-Phishing with QR Codes, WhatsApp Groups appeared first on SecurityWeek.

Read More Russian Cyberspies Caught Spear-Phishing with QR Codes, WhatsApp Groups
News

FreePBX Patches Critical SQLi, File-Upload, and AUTHTYPE Bypass Flaws Enabling RCE
Bys s December 15, 2025

Multiple security vulnerabilities have been disclosed in the open-source private branch exchange (PBX) platform FreePBX, including a critical flaw that could result in an authentication bypass under certain configurations. The shortcomings, discovered by Horizon3.ai and reported to the project maintainers on September 15, 2025, are listed below – CVE-2025-61675 (CVSS score: 8.6) – Numerous

Read More FreePBX Patches Critical SQLi, File-Upload, and AUTHTYPE Bypass Flaws Enabling RCE
News

Google Confirms Android SafetyCore Enables AI-Powered On-Device Content Classification
Bys s February 11, 2025

Google has stepped in to clarify that a newly introduced Android System SafetyCore app does not perform any client-side scanning of content. “Android provides many on-device protections that safeguard users against threats like malware, messaging spam and abuse protections, and phone scam protections, while preserving user privacy and keeping users in control of their data,”…

Read More Google Confirms Android SafetyCore Enables AI-Powered On-Device Content Classification
News

Russian national and leader of Qakbot malware conspiracy indicted in long-running global ransomware scheme
Bys s May 22, 2025

Operation Endgame had teased the announcement earlier today in a video called, “My Happy Lie — Cortes.” Now the Department of Justice has issued the following press release about Rafailevich Gallyamov, aka “Cortes” and other aliases: A federal indictment unsealed today charges Rustam Rafailevich Gallyamov, 48, of Moscow, Russia, with leading a group of cyber criminals who…

Read More Russian national and leader of Qakbot malware conspiracy indicted in long-running global ransomware scheme

Similar Posts