Emerging AI-Driven Phishing Trends Reshape Cybercrime Tactics

Por
GPT

Artificial intelligence (AI) in advances and adaptive social engineering techniques have led to a significant revolution in phishing and scams within the continually changing realm of cybercrime. Cybercriminals are leveraging neural networks and large language models (LLMs) to craft hyper-realistic deceptive content, exploiting current events and personal data to target individuals and organizations more effectively. … Ler mais

Critical FortiSIEM flaw under active exploitation, Fortinet warns

Por
Critical FortiSIEM flaw under active exploitation, Fortinet warns

Critical FortiSIEM flaw under active exploitation, Fortinet warns Fortinet warns of a critical FortiSIEM vulnerability, tracked as CVE-2025-25256, that is actively exploited in attacks in the wild. Fortinet warns customers of a critical vulnerability, tracked asCVE-2025-25256 (CVSS score of 9.8), affecting FortiSIEM for which an exploit exists in the wild. Fortinet gave no details about … Ler mais

Erlang/OTP SSH Vulnerability Sees Spike in Exploitation Attempts

Por
Erlang/OTP SSH Vulnerability Sees Spike in Exploitation Attempts

A severe remote code execution (RCE) vulnerability in Erlang’s Open Telecom Platform (OTP) Secure Shell daemon (sshd) is being actively exploited. According to a new analysis by Palo Alto’s Unit 42, CVE-2025-32433, rated 10.0 on the CVSS scale, allows unauthenticated attackers to execute commands by sending specific SSH messages before authentication. Vulnerable versions include Erlang/OTP … Ler mais

Spike in Fortinet VPN brute-force attacks raises zero-day concerns

Por
Picus Blue Report 2025

A massive spike in brute-force attacks targeted Fortinet SSL VPNs earlier this month, followed by a switch to FortiManager, marked a deliberate shift in targeting that has historically preceded new vulnerability disclosures. The campaign, detected by threat monitoring platform GreyNoise, manifested in two waves, on August 3 and August 5, with the second wave pivoting … Ler mais

AI Applications in Cybersecurity – Schneier on Security

Por

HomeBlog AI Applications in Cybersecurity There is a really great series of online events highlighting cool uses of AI in cybersecurity, titled Prompt||GTFO. Videos from the first three events are online. And here’s where to register to attend, or participate, in the fourth. Some really great stuff here. Tags: AI, cybersecurity, videos Posted on August … Ler mais

Pennsylvania attorney general's email, site down after cyberattack

Por
Picus Blue Report 2025

The Office of the Pennsylvania Attorney General has announced that a recent cyberattack has taken down its systems, including landline phone lines and email accounts. As Attorney General Dave Sunday revealed on social media on Monday, the office staff is currently working to restore affected services and investigate the incident with the help oflaw enforcement … Ler mais

Deepfake AI Trading Scams Target Global Investors

Por
Deepfake AI Trading Scams Target Global Investors

A surge in fraudulent “AI-powered” trading platforms has been observed exploiting deepfake technology and fabricated online content to deceive investors. According to a new investigation by Group-IB, scammers are deploying convincing fake videos, phony reviews and targeted online ads to lure victims into fraudulent investment schemes. At the heart of these campaigns are AI-generated deepfake … Ler mais

Staffing Company Manpower Discloses Large-Scale Data Breach

Por
Staffing Company Manpower Discloses Large-Scale Data Breach

Manpower, one of the world’s leading staffing agencies, has confirmed that a data breach has affected 144,189 people. In a filing with the Office of the Main Attorney General, Manpower said it notified affected individuals on August 11 that their personal information, including their names, had been compromised. The breach occurred months ago, with the … Ler mais

Microsoft removes PowerShell 2.0 from Windows 11, Windows Server

Por
Picus Blue Report 2025

Microsoft will remove PowerShell 2.0 from Windows starting in August, eight years after announcing its deprecation and keeping it around as an optional feature. The 14-year-old command processor introduced with Windows 7 was already removed for Windows Insiders as of July 2025, with the release of Windows 11 Insider Preview Build 27891 to the Canary … Ler mais

Microsoft asks users to ignore certificate enrollment errors

Por
Sophisticated DevilsTongue Spyware Tracks Windows Users Worldwide

Microsoft has asked customers this week to disregard incorrect CertificateServicesClient (CertEnroll) errors that appear after installing the July 2025 preview update and subsequent Windows 11 24H2 updates. In recent months, Microsoft has addressed multiple similar issues affecting various Windows features that triggered erroneous warnings with no actual impact. For instance, last month, Redmond advised users … Ler mais