The strange tale of ischhfd83: When cybercriminals eat their own

New guidance includes a list of 10 best practices to protect sensitive data throughout the AI lifecycle as well as addressing supply chain and data poisoning risks.

Attackers can abuse malicious extensions to access critical data, including credentials, but organizations can reduce the risks by raising awareness and enforcing strict policy controls.

An unknown threat actor has been attributed to creating several malicious Chrome Browser extensions since February 2024 that masquerade as seemingly benign utilities but incorporate covert functionality to exfiltrate data, receive commands, and execute arbitrary code. “The actor creates websites that masquerade as legitimate services, productivity tools, ad and media creation or analysis

A team of academics has devised a novel attack that can be used to downgrade a 5G connection to a lower generation without relying on a rogue base station (gNB). The attack, per the ASSET (Automated Systems SEcuriTy) Research Group at the Singapore University of Technology and Design (SUTD), relies on a new open-source software…

Two security vulnerabilities have been discovered in the OpenSSH secure networking utility suite that, if successfully exploited, could result in an active machine-in-the-middle (MitM) and a denial-of-service (DoS) attack, respectively, under certain conditions. The vulnerabilities, detailed by the Qualys Threat Research Unit (TRU), are listed below – CVE-2025-26465 – The OpenSSH client

To build a truly inclusive and diverse cybersecurity workforce, we need a comprehensive approach beyond recruitment and retention.