Microsoft adds smarter bot protection to Teams meetings

Microsoft has introduced a new feature in its popular Teams communication platform that aims to prevent malicious third-party bots from joining meetings without approval. This move comes as part of Microsoft’s ongoing effort to enhance security and protect users from social engineering attacks. The new policy, which can be assigned to individual users or groups, … Read more

Lessons from the Underground: How to Combat Business Email Compromise

Business Email Compromise Attacks Exposed: What’s Behind the Rise in Sophisticated Scams A closer look at underground forums reveals that Business Email Compromise (BEC) attacks are more complex and organized than previously thought. The typical notion of BEC as a simple email scam doesn’t do justice to the intricate operation behind it. Threat actors don’t … Read more

Langflow RCE Exploited to Deploy Monero Miner on Exposed AI App Endpoints

A severe vulnerability, dubbed Langflow RCE (Remote Code Execution), has been exploited to deploy Monero miners on exposed AI app endpoints, leaving countless organizations vulnerable to financial loss and reputational damage. The attack vector leverages a recently discovered zero-day exploit in Langflow, an open-source AI development platform used by thousands of developers worldwide. The Langflow … Read more

RustDuck Botnet Rebuilds in Rust to Hijack Routers and Servers for DDoS

A notorious botnet, known as RustDuck, is making a comeback, threatening to unleash devastating distributed denial-of-service (DDoS) attacks on unsuspecting networks. The botnet, which was previously thought to be dormant, has undergone a significant makeover in recent weeks, leveraging the programming language Rust to amplify its capabilities. RustDuck’s resurgence is particularly concerning as it targets … Read more

Microsoft Warns Poisoned MCP Tool Descriptions Can Make AI Agents Leak Data

Microsoft recently sounded the alarm on a worrying trend that could put sensitive data at risk: maliciously crafted tool descriptions are being used to trick artificial intelligence (AI) agents into leaking confidential information. The vulnerability affects organizations worldwide, including those in the technology and finance sectors, who rely on AI-powered tools to analyze and process … Read more

Fake Perplexity extension on Chrome Web Store tracked searches

A malicious Chrome extension posing as a popular research assistant has been discovered on the Chrome Web Store, intercepting search traffic and collecting browsing information from unsuspecting users. The fake “Perplexity AI” extension, available for download with the ID “flkebkiofojicogddingbdmcmkpbplcd”, is a convincing imitation of the legitimate Perplexity AI answer engine. Its true purpose, however, … Read more

Silent Swap Crypto Clipper Uses Fake Google Notes Extension to Replace Wallet Addresses

A new and insidious form of cryptocurrency theft has been uncovered, with hackers exploiting a seemingly innocuous Google Chrome extension to swap wallet addresses and steal digital funds. The “Silent Swap Crypto Clipper” malware targets individuals who use Google Notes, a popular note-taking browser extension. By masquerading as the legitimate extension, the attackers inject malicious … Read more

Langflow RCE Exploited to Deploy Monero Miner on Exposed AI App Endpoints

A newly discovered vulnerability in an artificial intelligence (AI) app has been exploited to deploy Monero cryptocurrency miners on exposed endpoints, putting thousands of users at risk. The Langflow Remote Code Execution (RCE) flaw, discovered by a researcher using AI-powered tools, was found in the popular Langflow app used for video editing and processing. The … Read more

RustDuck Botnet Rebuilds in Rust to Hijack Routers and Servers for DDoS

A New Era of Botnet Malware Emerges with RustDuck Rebuild, Threatening Global Networks A sophisticated botnet malware known as RustDuck has resurfaced, leveraging the programming language Rust to wreak havoc on global networks. The botnet’s primary objective is to hijack routers and servers, exploiting them for distributed denial-of-service (DDoS) attacks that can cripple online infrastructure. … Read more

Microsoft Warns Poisoned MCP Tool Descriptions Can Make AI Agents Leak Data

Microsoft’s warning that poisoned MCP tool descriptions can make AI agents leak sensitive data has sent shockwaves through the cybersecurity community, highlighting the growing threat of AI-powered attacks on software vulnerabilities. The issue affects organizations worldwide that rely on Microsoft products and services, including cloud-based platforms, operating systems, and applications. At the heart of this … Read more