Dark Reading

Cacti Monitoring Tool Spiked by Critical SQL Injection Vulnerability

A critical vulnerability in the Cacti Web-based open source framework for monitoring network performance gives attackers a way to disclose Cacti's entire database contents — presenting a prickly risk ...
Security Boulevard

Best of 2025: Indirect prompt injection attacks target common LLM data sources

While the shortest distance between two points is a straight line, a straight-line attack on a large language model isn't always the most efficient — and least noisy — way to get the LLM to do bad ...
MacTech

New macOS malware dubbed ‘FrigidStealer’ uses web inject campaigns

Proofpoint has identified a new MacOS malware delivered via web inject campaigns that researchers dubbed “FrigidStealer.” The data protection company says the web inject campaign landscape is ...
Dark Reading

Millions at Risk As 'Parrot' Web Server Compromises Take Flight

Threat actors behind a traffic redirect system (TDS) that's been active since October 2021 have ramped up efforts to elude detection and can potentially reach millions of people with malicious scripts ...
Threat Post

Attackers Use Event Logs to Hide Fileless Malware

A sophisticated campaign utilizes a novel anti-detection method. Researchers have discovered a malicious campaign utilizing a never-before-seen technique for quietly planting fileless malware on ...
Hackaday

Inject Keystrokes Any Way You Like With This Bluetooth Keystroke Injector

[Amirreza Nasiri] sends in this cool USB keystroke injector. The device consists of an Arduino, a Bluetooth module, and an SD card. When it’s plugged into the target computer the device loads the ...
Bleeping Computer

Windows Explorer Used by Mailto Ransomware to Evade Detection

A newly discovered Mailto (NetWalker) ransomware strain can inject malicious code into the Windows Explorer process so that the malware can evade detection. While this ransomware first spotted in ...