Identity: GitLab fixes critical SSO bypass vulnerabilities in update
Shaun Nichols, March 14, 2025
The signature verification for the SSO system could be bypassed by using a specially crafted XML input.

Application security: Microsoft restores VS Code theme flagged as malicious: We messed up
Laura French, March 14, 2025
The theme had millions of installations before it was removed in late February.

AI/ML: OpenAI’s Operator AI agent can be used in phishing attacks, say researchers
Steve Zurier, March 14, 2025
Researchers prove how attackers can use the added functionality in AI agents to launch phishing attacks.

Ransomware: New Lockbit-linked ransomware group targets Fortinet vulnerabilities
Laura French, March 13, 2025
The “SuperBlack” ransomware leverages the LockBit 3.0 builder with a custom encryption tool.

Vulnerability Management: ‘ClickFix’ campaign targets hospitality firms with phishing attacks
Shaun Nichols, March 13, 2025
A novel twist on social engineering attacks is causing havoc for hospitality providers.

AI/ML: Researchers use jailbreak to build functional malware via DeepSeek
Steve Zurier, March 13, 2025
Tenable researchers jailbreak DeepSeek to build a keylogger and ransomware.

AI/ML: Healthcare cybersecurity set for AI boom in 2025
Shaun Nichols, March 12, 2025
According to a CRA survey, 50% of healthcare organizations are already using AI tools in their cybersecurity practices.

Application security: Android spyware ‘KoSpy’ spread by suspected North Korean APT
Laura French, March 12, 2025
Malicious apps previously in the Google Play Store enabled theft of messages, files and more.

Application security: XCSSET macOS malware variant targets Xcode projects of app developers
Steve Zurier, March 12, 2025
XCSSET variant features enhanced stealth features that can lead to the exfiltration of sensitive financial information.

Phishing: 95% of data breaches involve human error, report reveals
Laura French, March 11, 2025
Meanwhile, employees tend to be overconfident in their ability to detect scams.