Posts

The Hacker News - Open-Source CyberStrikeAI Deployed in AI-Driven FortiGate Attacks Across 55 Countries

The threat actor behind the recently disclosed artificial intelligence (AI)-assisted campaign targeting Fortinet FortiGate appliances leveraged an open-source, AI-native security testing platform called CyberStrikeAI to execute the attacks. The new findings come from Team Cymru, which detected its use following an analysis of the IP address ("212.11.64[.]250") that was used by the suspected from The Hacker News https://thehackernews.com/2026/03/open-source-cyberstrikeai-deployed-in.html
Post a Comment
Read more

KnowBe4 - How Risky is Sending a Sensitive Work Email to the Wrong Person?

Image
Sending a work email to the wrong person – it’s something all of us have done at least once in our working lives. For some people, it’s a regular occurrence. But just how risky is it? from Human Risk Management Blog https://blog.knowbe4.com/risk-of-misdirected-sensitive-emails
Post a Comment
Read more

Schneier - On Moltbook

The MIT Technology Review has a good article on Moltbook, the supposed AI-only social network: Many people have pointed out that a lot of the viral comments were in fact posted by people posing as bots. But even the bot-written posts are ultimately the result of people pulling the strings, more puppetry than autonomy. “Despite some of the hype, Moltbook is not the Facebook for AI agents, nor is it a place where humans are excluded,” says Cobus Greyling at Kore.ai, a firm developing agent-based systems for business customers. “Humans are involved at every step of the process. From setup to prompting to publishing, nothing happens without explicit human direction.” Humans must create and verify their bots’ accounts and provide the prompts for how they want a bot to behave. The agents do not do anything that they haven’t been prompted to do. I think this take has it mostly right: What happened on Moltbook is a preview of what researcher Juergen Nittner II calls “The LOL WUT The...
Post a Comment
Read more

The Hacker News - Starkiller Phishing Suite Uses AitM Reverse Proxy to Bypass Multi-Factor Authentication

Cybersecurity researchers have disclosed details of a new phishing suite called Starkiller that proxies legitimate login pages to bypass multi-factor authentication (MFA) protections. It's advertised as a cybercrime platform by a threat group calling itself Jinkusu, granting customers access to a dashboard that lets them select a brand to impersonate or enter a brand's real URL. It also lets from The Hacker News https://thehackernews.com/2026/03/starkiller-phishing-suite-uses-aitm.html
Post a Comment
Read more

The Hacker News - Microsoft Warns OAuth Redirect Abuse Delivers Malware to Government Targets

Microsoft on Monday warned of phishing campaigns that employ phishing emails and OAuth URL redirection mechanisms to bypass conventional phishing defenses implemented in email and browsers. The activity, the company said, targets government and public-sector organizations with the end goal of redirecting victims to attacker-controlled infrastructure without stealing their tokens. It described from The Hacker News https://thehackernews.com/2026/03/microsoft-warns-oauth-redirect-abuse.html
Post a Comment
Read more

The Hacker News - SloppyLemming Targets Pakistan and Bangladesh Governments Using Dual Malware Chains

The threat activity cluster known as SloppyLemming has been attributed to a fresh set of attacks targeting government entities and critical infrastructure operators in Pakistan and Bangladesh. The activity, per Arctic Wolf, took place between January 2025 and January 2026. It involves the use of two distinct attack chains to deliver malware families tracked as BurrowShell and a Rust-based from The Hacker News https://thehackernews.com/2026/03/sloppylemming-targets-pakistan-and.html
Post a Comment
Read more