Posts

KnowBe4 - Fake Video Meeting Invites Trick Users Into Installing RMM Tools

Image
Threat actors are using phony meeting invites for Zoom, Microsoft Teams, Google Meet, and other video conferencing applications to trick users into installing remote monitoring and management (RMM) tools, according to researchers at Netskope. from Human Risk Management Blog https://blog.knowbe4.com/fake-video-meeting-invites-trick-users-into-installing-rmm-tools
Post a Comment
Read more

The Hacker News - RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN

A vulnerability in GitHub Codespaces could have been exploited by bad actors to seize control of repositories by injecting malicious Copilot instructions in a GitHub issue. The artificial intelligence (AI)-driven vulnerability has been codenamed RoguePilot by Orca Security. It has since been patched by Microsoft following responsible disclosure. "Attackers can craft hidden instructions inside a from The Hacker News https://thehackernews.com/2026/02/roguepilot-flaw-in-github-codespaces.html
Post a Comment
Read more

Schneier - Is AI Good for Democracy?

Politicians fixate on the global race for technological supremacy between US and China. They debate geopolitical implications of chip exports, latest model releases from each country, and military applications of AI. Someday, they believe, we might see advancements in AI tip the scales in a superpower conflict. But the most important arms race of the 21st century is already happening elsewhere and, while AI is definitely the weapon of choice, combatants are distributed across dozens of domains. Academic journals are flooded with AI-generated papers, and are turning to AI to help review submissions. Brazil’s court system started using AI to triage cases, only to face an increasing volume of cases filed with AI help. Open source software developers are being overwhelmed with code contributions from bots. Newspapers , music , social media , education , investigative journalism , hiring , and procurement are all being disrupted by a massive expansion of AI use. Each of these is an a...
Post a Comment
Read more

The Hacker News - Lazarus Group Uses Medusa Ransomware in Middle East and U.S. Healthcare Attacks

The North Korea-linked Lazarus Group (aka Diamond Sleet and Pompilus) has been observed using Medusa ransomware in an attack targeting an unnamed entity in the Middle East, according to a new report by the Symantec and Carbon Black Threat Hunter Team. Broadcom's threat intelligence division said it also identified the same threat actors mounting an unsuccessful attack against a healthcare from The Hacker News https://thehackernews.com/2026/02/lazarus-group-uses-medusa-ransomware-in.html
Post a Comment
Read more

The Hacker News - UnsolicitedBooker Targets Central Asian Telecoms With LuciDoor and MarsSnake Backdoors

The threat activity cluster known as UnsolicitedBooker has been observed targeting telecommunications companies in Kyrgyzstan and Tajikistan, marking a shift from prior attacks aimed at Saudi Arabian entities. The attacks involve the deployment of two distinct backdoors codenamed LuciDoor and MarsSnake, according to a report published by Positive Technologies last week. "The group used several from The Hacker News https://thehackernews.com/2026/02/unsolicitedbooker-targets-central-asian.html
Post a Comment
Read more

Black Hills InfoSec - Social Engineering and Microsoft SSPR: The Road to Pwnage is Paved with Good Intentions  Copy

Image
This scenario simultaneously tests identity confirmation tooling (SSPR, MFA, Conditional Access), how users act under pressure, and the organization's ability to detect and follow-up on social engineering attacks. The post Social Engineering and Microsoft SSPR: The Road to Pwnage is Paved with Good Intentions  Copy appeared first on Black Hills Information Security, Inc. . from Black Hills Information Security, Inc. https://www.blackhillsinfosec.com/social-engineering-and-microsoft-sspr-2/
Post a Comment
Read more

The Hacker News - Anthropic Says Chinese AI Firms Used 16 Million Claude Queries to Copy Model

Anthropic on Monday said it identified "industrial-scale campaigns" mounted by three artificial intelligence (AI) companies, DeepSeek, Moonshot AI, and MiniMax, to illegally extract Claude's capabilities to improve their own models. The distillation attacks generated over 16 million exchanges with its large language model (LLM) through about 24,000 fraudulent accounts in violation of its terms from The Hacker News https://thehackernews.com/2026/02/anthropic-says-chinese-ai-firms-used-16.html
Post a Comment
Read more