Security news.
Today's cybersecurity landscape is marked by significant data breaches, the growing sophistication of AI in attacks, and major law enforcement actions against cybercrime infrastructure. A large healthcare data breach, critical RCE flaws in an AI code editor, and the disruption of a massive residential proxy network highlight the ongoing challenges faced by defenders.
European Parliament Member Hacked with Pegasus Spyware
A former Member of the European Parliament, Stelios Kouloglou, was repeatedly targeted with Pegasus spyware while investigating surveillance tool abuse.
Medtronic Data Breach Impacts 3.8 Million People
Healthcare device firm Medtronic is notifying 3.8 million individuals about a data breach where ShinyHunters accessed corporate IT systems and stole personal and medical information.
Agentic AI Used to Conduct Ransomware Attack via Langflow
A new attack demonstrates how LLM agents can combine known exploitation techniques with real-time reasoning to automate complex, multi-stage ransomware intrusions.
Critical Cursor AI Code Editor Flaws Lead to OS-Level RCE
Critical DuneSlide vulnerabilities in the Cursor AI code editor enable zero-click prompt injection attacks that can escape the sandbox and execute arbitrary code.
Google, FBI Disrupt NetNut Residential Proxy Network
Google and the FBI have disrupted NetNut, a residential proxy network that rented access to millions of compromised devices, allowing cybercriminals to mask their identities.
Alleged Scattered Spider Hacker Extradited to US
19-year-old Peter Stokes, an alleged member of the Scattered Spider hacking group linked to over 100 network intrusions and $100 million in ransom, has been extradited to the U.S.
PamStealer Uses Fake Maccy Sites to Steal Mac Login Passwords
A new macOS information stealer, PamStealer, is distributed as a compiled AppleScript file impersonating the legitimate Maccy clipboard manager to siphon sensitive data.
Chinese LLMs Broaden Gap Between Attackers & Defenders
Two new large language models from Chinese firms are competing with top US models, raising concerns for cyber-defenders about the expanding capabilities of attackers.