Actively exploited Apache ActiveMQ flaw impacts 6,400 servers

Nonprofit security organization Shadowserver found that over 6,400 Apache ActiveMQ servers exposed online are vulnerable to ...

Vercel breach exposes the OAuth gap most security teams cannot detect, scope or contain

A Vercel employee's AI tool OAuth grant gave attackers access to internal systems via a four-hop kill chain. Here's what ...
YouTube on MSN

Vector walks on water

#shorts ...
Security Boulevard

Vercel Breach: How a Roblox Cheat Download Led to a $2M Data Heist Through AI Tool OAuth Abuse

Vercel breached after attacker compromised Context.ai, hijacked an employee's Google Workspace via OAuth, and accessed ...

BeyondTrust’s 13th Annual Microsoft Vulnerabilities Report Reveals Drop in Total Volume, But Surge in Critical Risk

Critical vulnerabilities doubled year-over-year, signaling rising risk severity as AI-driven discovery and expanding attack ...
CoinDesk

LayerZero blames Kelp's setup for $290 million exploit, attributes it to North Korea's Lazarus

LayerZero said the attackers compromised two RPC nodes the company's verifier relied on and DDoS'd the rest, with the attack ...

CISA flags Apache ActiveMQ flaw as actively exploited in attacks

CISA warned that attackers are now exploiting a high-severity Apache ActiveMQ vulnerability, which was patched earlier this ...

Most enterprises can't stop stage-three AI agent threats, VentureBeat survey finds

How mature is your AI agent security? VentureBeat's survey of 108 enterprises maps the gap between monitoring and isolation — ...
CoinDesk

Kelp DAO claims LayerZero’s 'default' settings are what actually caused the massive $290 million disaster

The liquid restaking protocol said the compromised verifier was LayerZero's own infrastructure, and the setup it was faulted ...
Dark Reading

Your Next Breach Will Look Like Business as Usual

These are the fundamental detection model shifts cybersecurity teams need to make to keep up with the rising number of ...
Communications of the ACM

Subscription Bombing: Email under Attack

Email subscription bombing (also known as subscription flooding or email spam bombing) is an attack technique that overwhelms ...
The Next Web

Hackers breached the European Commission by poisoning the security tool it used to protect itself

CERT-EU attributed a 92 GB data breach at the European Commission to TeamPCP, which compromised the Trivy security scanner in a supply chain attack. ShinyHunters leaked the data.