Dark Reading

'Cordyceps': Mushrooming Malicious Pull Requests Threaten Developer Workflows

By targeting the automated workflows around repositories with targeted pull requests, attackers can potentially target ...
The Hacker News

Salesforce Disables Klue App Integration After OAuth Token Abuse Exposes Customer Data

Salesforce disabled Klue Battlecards integration after attackers used compromised OAuth tokens to access customer CRM data ...

FortiBleed campaign used custom FortiGate sniffer to steal credentials

Security firm SOCRadar says the large-scale FortiBleed campaign targeting Fortinet FortiGate devices used custom sniffers to ...
Developer Tech

AI agent breaches Fedora software supply chain

A rogue AI agent using compromised developer credentials breached the Fedora software supply chain and merged defective code ...

Hackers Just Hit a State Wildlife Database in a Massive Security Breach. Experts Warn Others Could Be Next

State officials have confirmed that a major vendor breach exposed driver's licenses and passport numbers. Cybersecurity ...

I let Claude audit my messy Home Assistant setup, and it was a massive wake-up call

I gave Claude access to my Home Assistant. It helped me audit, debug, and improve my smart home better than I ever could have ...

124 million passwords added to breach database. Yours may be in there, too

Have I Been Pwned has added 56 million email addresses and 124 million passwords collected from infostealer malware to its ...
techtimes

Credential Stuffing Risk Spikes: 24 Billion Stolen Passwords Linked to Live Exploit Data

Security researchers at Cybernews discovered on June 12 what they describe as one of the largest credential databases ever left exposed online — a publicly accessible Elasticsearch cluster holding 24 ...
LondonLovesBusiness

Open Source Intelligence, or OSINT, involves collecting and analysing information that is publicly available online

Uncover the power of Open Source Intelligence. Learn how to collect and analyse publicly available information effectively.
latesthackingnews.com

LiteLLM Vulnerability Chain: What Security Teams Running AI Gateways Need to Do Now

A three-CVE chain lets any default LiteLLM user escalate to admin and get a shell on the gateway server. A separate RCE is ...
Krebs on Security

Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts

The Instagram accounts for the Obama White House and the Chief Master Sergeant of the U.S. Space Force were briefly defaced with pro-Iranian images and messages over the weekend, after instructions ...

Only 13% of Australian firms can stop a rogue AI agent: Okta expands Cross App Access with Anthropic, Canva and Atlassian aboard

Australian organisations are pushing AI agents into production faster than they can govern them. Most can't see what those ...