The campaign commences with a spear-phishing email containing a ZIP archive with a malicious LNK file written in Pashto, designed to exploit the familiarity of the language within the Afghan government.
Tag: containing
AI, Cybersecurity, Global Security News, Government & Policy
Prison communication service Pay Tel exposed hundreds of thousands of driver’s licenses
Cybersecurity firm UpGuard discovered an unprotected Microsoft Azure server managed by Pay Tel containing at least 300,000 driver’s license scans and other government-issued identification documents.
AI, Global Security News
CypherLoc scareware tricks millions into identity theft traps
The CypherLoc attack begins with a phishing email containing a malicious link or attachment.
AI, Global Security News, Network Security
Pipelock: Open-source AI agent firewall
AI coding agents run with shell access, environment variables containing API keys, and unrestricted internet connectivity, creating a single point of failure where one compromised tool call can leak credentials to an attacker-controlled domain. Pipelock, an open-source security harness developed by Joshua Waldrep under the PipeLab project, addresses this exposure by inserting an enforcement layer…
AI, Global Security News
Bitwarden CLI npm package compromised to steal developer credentials
The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects. […]
AI, Global Security News, malware
FBI Calls for Help to Track Steam Malware Campaign
The FBI wants to hear from gamers who have downloaded Steam titles containing malware
AI, Global Security News, malware
FBI seeks victims of Steam games used to spread malware
The FBI is asking gamers who installed Steam titles containing malware to provide information as part of an ongoing investigation into eight malicious games uploaded to the gaming platform. […]
AI, Data Breaches, Endpoint, Exploits, Global Security News, Government & Policy, malware, Network Security
Attackers exploit FortiGate devices to access sensitive network information
Attackers are exploiting FortiGate devices to breach networks and steal configuration data containing service account credentials and network details. SentinelOne researchers warn that attackers are exploiting vulnerabilities or weak credentials in FortiGate devices to gain initial access to corporate networks. Once inside, they extract configuration files that may contain service account credentials and information about…
AI, Data Breaches, Exploits, Global Security News, Network Security
FBI probing intrusion into a system managing sensitive surveillance information
The Federal Bureau of Investigation (FBI) is probing suspicious activity on an internal system containing sensitive surveillance and investigation data. The FBI is investigating suspicious cyber activity affecting an internal system that stores sensitive data tied to surveillance operations and investigations, The Associated Press reports. According to a notification sent to members of the United…