Lumma Stealer, coming and going

Blog

Byadmblake May 9, 2025

The high-profile information stealer switches up its TTPs, but keeps the CAPTCHA tactic; we take a deep dive

Blog

Researchers Uncover ECScape Flaw in Amazon ECS Enabling Cross-Task Credential Theft

Cybersecurity researchers have demonstrated an “end-to-end privilege escalation chain” in Amazon Elastic Container Service (ECS) that could be exploited by an attacker to conduct lateral movement, access sensitive data, and seize control of the cloud environment. The attack technique has been codenamed ECScape by Sweet Security researcher Naor Haziz, who presented the findings today at…

Read More Researchers Uncover ECScape Flaw in Amazon ECS Enabling Cross-Task Credential Theft
Blog

South Korean Government Imposes Penalties on SK Telecom for Breach

Following a breach at the country’s top mobile provider that exposed 27 million records, the South Korean government imposed a small monetary penalty but stiff regulatory requirements.

Read More South Korean Government Imposes Penalties on SK Telecom for Breach
Blog

Leveraging Behavioral Insights to Counter LLM-Enabled Hacking

As LLMs broaden access to hacking and diversify attack strategies, understanding the thought processes behind these innovations will be vital for bolstering IT defenses.

Read More Leveraging Behavioral Insights to Counter LLM-Enabled Hacking
Blog

ArcaneDoor Attack

rnWhat is the Attack?rnCisco issued an advisory on 24th April, regarding its Adaptive Security Appliances, multifunctional devices combining firewall, VPN, and other security functions. It reported that these appliances had become the focus of state-sponsored espionage, with attackers exploiting two previously unknown vulnerabilities to infiltrate government entities worldwide. In this campaign, two backdoors were deployed:…

Read More ArcaneDoor Attack
Blog

Anthropic’s Mythos Has Landed: Here’s What Comes Next for Cyber

In this latest installment of the Reporters’ Notebook video series, we discuss how the new AI model threatens to completely upend cybersecurity, and what industry leaders are telling the press.

Read More Anthropic’s Mythos Has Landed: Here’s What Comes Next for Cyber
Blog

89% of Enterprise GenAI Usage Is Invisible to Organizations Exposing Critical Security Risks, New Report Reveals

Organizations are either already adopting GenAI solutions, evaluating strategies for integrating these tools into their business plans, or both. To drive informed decision-making and effective planning, the availability of hard data is essential—yet such data remains surprisingly scarce. The “Enterprise GenAI Data Security Report 2025” by LayerX delivers unprecedented insights

Read More 89% of Enterprise GenAI Usage Is Invisible to Organizations Exposing Critical Security Risks, New Report Reveals

Related