‘ReVault’ Security Flaws Impact Millions of Dell Laptops
The now-patched vulnerabilities exist at the firmware level and enable deep persistence on compromised systems.
Researchers Uncover ECScape Flaw in Amazon ECS Enabling Cross-Task Credential Theft
Cybersecurity researchers have demonstrated an “end-to-end privilege escalation chain” in Amazon Elastic Container Service (ECS) that could be exploited by an attacker to conduct lateral movement, access sensitive data, and seize control of the cloud environment. The attack technique has been codenamed ECScape by Sweet Security researcher Naor Haziz, who presented the findings today at…
VexTrio Cybercrime Outfit Run by Legit Ad Tech Firms
New research reveals that a malicious traffic distribution system (TDS) is run not by “hackers in hoodies,” but by a series of corporations operating in the commercial digital advertising industry.
Fake VPN and Spam Blocker Apps Tied to VexTrio Used in Ad Fraud, Subscription Scams
The malicious ad tech purveyor known as VexTrio Viper has been observed developing several malicious apps that have been published on Apple and Google’s official app storefronts under the guise of seemingly useful applications. These apps masquerade as VPNs, device “monitoring” apps, RAM cleaners, dating services, and spam blockers, DNS threat intelligence firm Infoblox said…
Google Gemini AI Bot Hijacks Smart Homes, Turns Off the Lights
Using invisible prompts, the attacks demonstrate a physical risk that could soon become reality as the world increasingly becomes more interconnected with artificial intelligence.
Attackers Exploit Critical Trend Micro Apex One Zero-Day Flaw
Two critical vulnerabilities affect the security vendor’s management console, one of which is under active exploitation. The company has updated cloud-based products but won’t have a patch for its on-premises version until mid-August.
Shared secret: EDR killer in the kill chain
A look under the hood at a tool designed to disable protections
What CMMC 3.0 Really Means for Government Contractors
The ultimate goal of CMMC 3.0 is not just compliance — it’s resilience.
Phishers Abuse Microsoft 365 to Spoof Internal Users
The “Direct Send” feature simplifies internal message delivery for trusted systems, and the campaign successfully duped both Microsoft Defender and third-party secure email gateways.
AI Slashes Workloads for vCISOs by 68% as SMBs Demand More – New Report Reveals
As the volume and sophistication of cyber threats and risks grow, cybersecurity has become mission-critical for businesses of all sizes. To address this shift, SMBs have been urgently turning to vCISO services to keep up with escalating threats and compliance demands. A recent report by Cynomi has found that a full 79% of MSPs and…