Russian hacker uses multiple AI tools to break hundreds of firewalls

A low-skilled threat actor was able to do a lot with the help of AI, Amazon researchers warn.
The Hacker News

Wormable XMRig Campaign Uses BYOVD Exploit and Time-Based Logic Bomb

Researchers uncover wormable XMRig campaign using BYOVD exploit and LLM-built React2Shell attacks hitting 90+ hosts.
CSO Online

Russian group uses AI to exploit weakly-protected Fortinet firewalls, says Amazon

The report warns CSOs that while AI is helping unsophisticated threat actors, failure to implement cybersecurity basics is fatal regardless of the attacker's skill.
The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...

QuickLens Chrome extension steals crypto, shows ClickFix attack

A Chrome extension named "QuickLens - Search Screen with Google Lens" has been removed from the Chrome Web Store after it was ...

OpenClaw Users Are Allegedly Bypassing Anti-Bot Systems

An open source project called Scrapling is gaining traction with AI agent users who want their bots to scrape sites without ...

AI helps novice threat actor compromise FortiGate devices in dozens of countries

Generative AI tools analyzed target networks and wrote exploit code, enabling an opportunistic attacker to have an outsized ...

Fake CAPTCHA attacks exploded by 563% last year: How to spot them and stay safe online

Fake CAPTCHA attacks exploded by 563% last year: How to spot them and stay safe online ...

This simple ChatGPT trick helps you spot scams before you click or respond

Malwarebytes will scan the details and provide information about the sender, any available threat intelligence, and quick options to report it or review common warning signs. It will also tell you if ...