Fraud Investigation Techniques
CERT/CC Warns binary-parser Bug Allows Node.js Privilege-Level Code Execution
A security vulnerability has been disclosed in the popular binary-parser npm library that, if successfully exploited, could result in t...
‘CrashFix’ Scam Crashes Browsers, Delivers Malware
The attack consists of a NexShield malicious browser extension, a social engineering technique to crash the browser, and a Python-based...
Mass Spam Attacks Leverage Zendesk Instances
The CRM vendor advised ignoring or deleting suspicious emails and said the attacks were not tied to any breach or software vulnerabilit...
Kimwolf Botnet Lurking in Corporate, Govt. Networks
A new Internet-of-Things (IoT) botnet called Kimwolf has spread to more than 2 million devices, forcing infected systems to participate...
Vulnerabilities Threaten to Break Chainlit AI Framework
Familiar bugs in a popular open source framework for AI chatbots could give attackers dangerous powers in the cloud.
Google Gemini Flaw Turns Calendar Invites Into Attack Vector
The indirect prompt injection vulnerability allows an attacker to weaponize invites to circumvent Google's privacy controls and access ...
Microsoft & Anthropic MCP Servers At Risk of RCE, Cloud Takeovers
Researchers found the popular model context protocol (MCP) servers, which are integral components of AI services, carry serious vulnera...
ChatGPT Health Raises Big Security, Safety Concerns
ChatGPT Health promises robust data protection, but elements of the rollout raise big questions regarding user security and safety.
More Problems for Fortinet: Critical FortiSIEM Flaw Exploited
CVE-2025-64155, a command injection vulnerability, was disclosed earlier this week and quickly came under attack from a variety of IP a...
CISOs Rise to Prominence: Security Leaders Join the Executive Suite
Security professionals are moving up the executive ranks as enterprises face rising regulatory and compliance standards.