Sophos AI at Black Hat USA ’25: Anomaly detection betrayed us, so we gave it a new job
Following on from our preview, here’s Ben Gelman and Sean Bergeron’s research on enhancing command line classification with benign anomalous data
Similar Posts
ClickFix Campaigns Spread MacSync macOS Infostealer via Fake AI Tool Installers
Bys sThree different ClickFix campaigns have been found to act as a delivery vector for the deployment of a macOS information stealer called MacSync. “Unlike traditional exploit-based attacks, this method relies entirely on user interaction – usually in the form of copying and executing commands – making it particularly effective against users who may not appreciate…
OpenClaw Integrates VirusTotal Scanning to Detect Malicious ClawHub Skills
Bys sOpenClaw (formerly Moltbot and Clawdbot) has announced that it’s partnering with Google-owned VirusTotal to scan skills that are being uploaded to ClawHub, its skill marketplace, as part of broader efforts to bolster the security of the agentic ecosystem. “All skills published to ClawHub are now scanned using VirusTotal’s threat intelligence, including their new Code Insight…
A Brief Reminder About the Florida Information Protection Act
Bys sJoseph Lazzarotti of JacksonLewis writes: According to one survey, Florida is fourth on the list of states with the most reported data breaches. No doubt, data breaches continue to be a significant risk for all business, large and small, across the U.S., including the Sunshine State. Perhaps more troubling is that class action litigation is more…
TamperedChef serves bad ads, with infostealers as the main course
Bys sSophos X-Ops explores a malvertising campaign that leverages Google Ads to distribute an infostealer Categories: Threat Research Tags: TamperedChef, EvilAI, infostealer, Sophos X-Ops
Fake WhatsApp API Package on npm Steals Messages, Contacts, and Login Tokens
Bys sCybersecurity researchers have disclosed details of a new malicious package on the npm repository that works as a fully functional WhatsApp API, but also contains the ability to intercept every message and link the attacker’s device to a victim’s WhatsApp account. The package, named “lotusbail,” has been downloaded over 56,000 times since it was first…
Iran-Linked Hackers Mapped Ship AIS Data Days Before Real-World Missile Strike Attempt
Bys sThreat actors with ties to Iran engaged in cyber warfare as part of efforts to facilitate and enhance physical, real-world attacks, a trend that Amazon has called cyber-enabled kinetic targeting. The development is a sign that the lines between state-sponsored cyber attacks and kinetic warfare are increasingly blurring, necessitating the need for a new category…