SecurityWeek

CryptoBandits Malware Doubles as a Backdoor, Abuses Tor

The Windows-based CryptoBandits cryptocurrency clipper blends data exfiltration and remote code execution in a backdoor.

From PGP to Mythos: a brief history of export controls that didn’t stop anyone

For the last 30 years, stopping the flow of cybersecurity-related software has proven to be ineffective. It's unclear why it ...

The Steam Workshop is being used to spread malware to thousands of users

Steam is one of the most popular storefronts in PC gaming, but it turns out that the Steam Workshop might presently be ...

Microsoft discovers new lightweight backdoor that steals cryptocurrency

Microsoft says it has detected new self-propagating malware that spreads through USB drives in search of cryptocurrency ...
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
Microsoft

Crypto Clipper uses Tor and worm-like propagation for persistence and control

Microsoft Threat Intelligence analyzed a cryptocurrency clipper campaign that combines clipboard theft, wallet replacement, ...
Decrypt

Florida Man 'Bitcoin Rodney' Pleads Guilty Over $1.8 Billion HyperFund Crypto Fraud

A Miami-based man who went by the name “Bitcoin Rodney” pleaded guilty for his role in what prosecutors said was a massive ...

Python dev saved from disaster by intuition... and AI

Python developer Roman Imankulov nearly took the bait. The fact that he didn't can be chalked up to human intuition and AI ...

Databricks acquires cyberattack detection startup Panther

Panther is the third cybersecurity startup that the company has acquired since the start of the year. Databricks previously ...

Critical Copilot vulnerability allowed hackers to steal 2FA code from users

Last Tuesday, Microsoft patched a vulnerability it rated as max critical in its M365 Copilot AI platform. On Monday, the ...
latesthackingnews.com

LiteLLM Vulnerability Chain: What Security Teams Running AI Gateways Need to Do Now

A three-CVE chain lets any default LiteLLM user escalate to admin and get a shell on the gateway server. A separate RCE is ...

I've reviewed every PDF editor out there - then I had ChatGPT build me a better one

The smartest way to use AI may not be letting it interact with your files, but asking it to write software that handles them ...