2 Scattered Spider-Linked Hackers Plead Guilty Over £39M TfL Cyberattack
Two teenagers face sentencing after admitting to a massive Scattered Spider cyberattack that hit Transport for London (TfL) and US healthcare networks.
cybersecurity
OpenAI wants AI to fix vulnerabilities, not just find them
OpenAI expanded Daybreak, its cybersecurity initiative that combines AI models, Codex Security, security researchers, maintainers, industry partners, and access controls to support vulnerability discovery and remediation. Organizations can use the init…
A $1,400 experiment in AI security auditing outperformed OpenAI’s Codex Security
A research team has built a system that teaches AI agents to hunt for software bugs by writing the audit method down as plain text. The system, called EVOHUNT, keeps the underlying AI model fixed and improves only an external “playbook” tha…
Beats Studio Buds Flaw Could Let Nearby Attackers Eavesdrop on Users
Apple has released a security update to patch a Beats Studio Buds flaw that let nearby hackers listen to conversations through the microphone.
Texas Parks and Wildlife Data Breach Affects Over 3M License Customers
Around 3 million Texas licence holders face a data breach after hackers targeted a third-party vendor, exposing driver’s licences and passport numbers.
Threat Hunting Beyond Alerts: Finding the Activity Detection Misses
Disclosure: This article was provided by ANY.RUN. The information and analysis presented are based on their research and findings.
Scammers Use Fake GitHub Stars, VirusTotal Reviews to Spread Crypto Clipper
A multi-platform malware campaign abuses fake trust signals to infect Windows and Mac users with a crypto clipper packed with 15,500 attacker wallets.
Prinz Eugen Ransomware Hits Recent Files First and Skips Ransom Notes
Prinz Eugen ransomware prioritizes recently modified files and leaves no ransom note on disk, creating new pressure on backup windows, endpoint alerts, and incident response playbooks.
The post Prinz Eugen Ransomware Hits Recent Files First and Skips R…
Salesforce Disables Klue Integration After OAuth Token Theft Hits Customer Data
Icarus extortion group used a legacy Klue Battlecards credential to bypass security and steal bulk Salesforce records from affected companies.
23 ClawHub plugins squatting official scopes expose AI registry security gaps
Plugin registries for AI agents use npm-style scopes like @openclaw/ and @clawhub/ to signal who published a package. But on ClawHub, a registry whose plugins run with Claude, OpenClaw, and other agents, those official scopes weren’t reserved to …