The Hacker News

Tomiris Shifts to Public-Service Implants for Stealthier C2 in Attacks on Government Targets

Tomiris is using public-service C2 implants and new phishing chains to stealthily deploy multi-language malware across targeted government networks.
Axios on MSN

Exclusive: Researchers trick Claude plug-in into deploying ransomware

An AI tool that Claude uses to automate tasks can be easily weaponized to execute ransomware, Cato Networks found in new ...

AI is reportedly 'democratising' cybercrime by making it easier than ever for bad guys with limited tech skills to have a crack ransomware and other malicious code

Apparently, there are a couple of LLMs which are gaining traction with cybercriminals. That's led researchers at Palo Alto ...
The Manila Times on MSN

Fake adult websites deploy realistic Windows Update screen to spread malware — researchers

A new cyberattack is using cloned adult websites and a convincing full-screen Windows Update display to trick users into running malicious commands that install multiple password-stealing malware, ...
CSO Online

ToddyCat APT evolves to target Outlook archives and Microsoft 365 tokens

The new ToddyCat tooling shifts the group’s focus from browser theft to extracting Outlook mail archives and Microsoft 365 ...
Redmondmag.com

Microsoft Locks Down Entra ID Authentication with Script Injection Blocking

Microsoft is tightening security around its Entra ID sign-in process by blocking external script injection, a move that could force some orgs to rethink their browser extension strategies.