US cyber agency CISA exposed reams of passwords and cloud keys to the open web

The federal cybersecurity agency left plaintext passwords in a spreadsheet uploaded to a public GitHub repository, per a ...

SHub macOS infostealer variant spoofs Apple security updates

A new variant of the 'SHub' macOS infostealer uses AppleScript to show a fake security update message and installs a backdoor ...
TechSpot

A security researcher says Microsoft secretly built a backdoor into BitLocker, releases an exploit to prove it

The Epitome of WTF: A researcher known as "Nightmare-Eclipse" recently released YellowKey, a security vulnerability that allegedly enables a full bypass of BitLocker's full-volume encryption. The ...

Fired hacker twins forget to end Teams recording, capture own crimes

Neither brother is currently in Texas; both are in federal prison. Sohaib was found guilty at trial last week, while Muneeb ...
Decrypt

OpenAI Confirms Security Breach Linked to AI Malware Campaign

OpenAI says malware tied to the Shai-Hulud supply chain attack accessed internal repositories after infecting two employee ...
Microsoft

Exposing Fox Tempest: A malware-signing service operation

Fox Tempest is a financially motivated threat actor operating a malware‑signing‑as‑a‑service (MSaaS) used by other ...
Decrypt

Fake OpenAI Repo Hit #1 on Hugging Face—And Stole Passwords While It Trended

A fake repo impersonating the OpenAI Privacy Filter model racked up 244,000 downloads in under 18 hours before Hugging Face ...
Microsoft

How Storm-2949 turned a compromised identity into a cloud-wide breach

Microsoft Threat Intelligence recently uncovered a methodical, sophisticated, and multi-layered attack, where a threat actor we track as Storm-2949 launched a relentless campaign with a singular focus ...