As one of the defining technologies of this century, artificial intelligence (AI) seems to witness daily advancements with new entrants to the field, technological breakthroughs, and creative and innovative applications. The landscape for AI security shares the same breakneck pace with streams of newly proposed legislation, novel vulnerability discoveries, and emerging threat … [Read more...] about Cisco Introduces the State of AI Security Report for 2025
Security
YouTube Game Cheats Spread Arcane Stealer Malware to Russian-Speaking Users
Mar 20, 2025Ravie LakshmananMalware / Threat Analysis YouTube videos promoting game cheats are being used to deliver a previously undocumented stealer malware called Arcane likely targeting Russian-speaking users. "What's intriguing about this malware is how much it collects," Kaspersky said in an analysis. "It grabs account information from VPN and gaming clients, and all … [Read more...] about YouTube Game Cheats Spread Arcane Stealer Malware to Russian-Speaking Users
Top 3 Trends in Red Team Exploitation Paths
Though 2024 may be behind us, many of the security threats and vulnerabilities that organizations faced last year remain. The CrowdStrike Professional Services Red Team tracks them all in its efforts to defend organizations against adversaries. The three most common exploitation paths we encountered were: Unsecured Credentials: Weak or exposed credentials remain one … [Read more...] about Top 3 Trends in Red Team Exploitation Paths
CrowdStrike Achieves FedRAMP High Authorization
Securing the Nation's Most Critical Systems: CrowdStrike Achieves FedRAMP High Authorization The evolving landscape of state-sponsored threats demands the highest levels of security for federal systems and critical infrastructure. As part of our longstanding commitment to protecting federal agencies and critical infrastructure, the AI-native CrowdStrike Falcon® platform … [Read more...] about CrowdStrike Achieves FedRAMP High Authorization
New Arcane stealer spreads disguised as Minecraft cheats
At the end of 2024, our experts discovered a new stealer called Arcane, which collects a wide range of data from infected devices. Now cybercriminals have taken it a step further by releasing ArcanaLoader — a downloader that claims to install cheats, cracks, and other “useful” gaming tools, but which actually infects devices with the Arcane stealer. Despite their lack of … [Read more...] about New Arcane stealer spreads disguised as Minecraft cheats
Hackers Exploit Severe PHP Flaw to Deploy Quasar RAT and XMRig Miners
Mar 19, 2025Ravie LakshmananThreat Intelligence / Cryptojacking Threat actors are exploiting a severe security flaw in PHP to deliver cryptocurrency miners and remote access trojans (RATs) like Quasar RAT. The vulnerability, assigned the CVE identifier CVE-2024-4577, refers to an argument injection vulnerability in PHP affecting Windows-based systems running in CGI mode that … [Read more...] about Hackers Exploit Severe PHP Flaw to Deploy Quasar RAT and XMRig Miners
Securing XIoT in the Era of Convergence and Zero Trust
The rise of connected devices has fundamentally reshaped industries, enabling unprecedented levels of automation, efficiency, and innovation. These devices fall under the Extended Internet of Things (XIoT), a broad category encompassing traditional Internet of Things (IoT) devices, operational technology (OT), industrial control systems (ICS), the Internet of Medical Things … [Read more...] about Securing XIoT in the Era of Convergence and Zero Trust
Redefining Security Management in a Hyperconnected World
In today’s rapidly transforming world, Cisco is redefining security and its management. With the recent launch of the most advanced Hybrid Mesh Firewall and Universal Zero Trust Network Access (ZTNA) solutions, both managed under Security Cloud Control, we’re introducing a new way for you to interact, set policies, and troubleshoot. Security Cloud Control serves as a central … [Read more...] about Redefining Security Management in a Hyperconnected World
New ‘Rules File Backdoor’ Attack Lets Hackers Inject Malicious Code via AI Code Editors
Mar 18, 2025Ravie LakshmananAI Security / Software Security Cybersecurity researchers have disclosed details of a new supply chain attack vector dubbed Rules File Backdoor that affects artificial intelligence (AI)-powered code editors like GitHub Copilot and Cursor, causing them to inject malicious code. "This technique enables hackers to silently compromise AI-generated code … [Read more...] about New ‘Rules File Backdoor’ Attack Lets Hackers Inject Malicious Code via AI Code Editors
Supply chain attack via GitHub Action
Attacks on open-source mostly start with publishing new malicious packages in repositories. But the attack that occurred on March 14 is in a different league — attackers compromised the popular GitHub Action tj-actions/changed-files, which is used in more than 23,000 repositories. The incident was assigned CVE-2025-30066. All repositories that used the infected changed-files … [Read more...] about Supply chain attack via GitHub Action