Tag
#intel
Checkmarx uncovers cross-ecosystem attack: fake Python and NPM packages plant backdoor on Windows and Linux, enabling data theft plus remote control.
Quorum Cyber identifies two new NodeSnake RAT variants, strongly attributed to Interlock ransomware, impacting UK higher education and local government.
Plus: An Iranian man pleads guilty to a Baltimore ransomware attack, Russia’s nuclear blueprints get leaked, a Texas sheriff uses license plate readers to track a woman who got an abortion, and more.
The elusive boss of the Trickbot and Conti cybercriminal groups has been known only as “Stern.” Now, German law enforcement has published his alleged identity—and it’s a familiar face.
An arbitrary file copy vulnerability in Gradio's flagging feature allows unauthenticated attackers to copy any readable file from the server's filesystem. While attackers can't read these copied files, they can cause DoS by copying large files (like /dev/urandom) to fill disk space.

### Description

The flagging component doesn't properly validate file paths before copying files. Attackers can send specially crafted requests to the `/gradio_api/run/predict` endpoint to trigger these file copies.

**Source**: User-controlled `path` parameter in the flagging functionality JSON payload

**Sink**: `shutil.copy` operation in `FileData._copy_to_dir()` method

The vulnerable code flow:

1. A JSON payload is sent to the `/gradio_api/run/predict` endpoint
2. The `path` field within `FileData` object can reference any file on the system
3. When processing this request, the `Component.flag()` method creates a `GradioDataModel` object
4. The `FileData._copy_to_dir()` method uses this path without ...
Cisco Talos uncovers CyberLock ransomware, Lucky_Gh0$t, and Numero malware masquerading as legitimate software and AI tool installers. Learn…
Fake installers for popular artificial intelligence (AI) tools like OpenAI ChatGPT and InVideo AI are being used as lures to propagate various threats, such as the CyberLock and Lucky_Gh0$t ransomware families, and a new malware dubbed Numero. "CyberLock ransomware, developed using PowerShell, primarily focuses on encrypting specific files on the victim's system," Cisco Talos researcher Chetan
By integrating intelligent network policies, zero-trust principles, and AI-driven insights, enterprises can create a robust defense against the next generation of cyber threats.
PALO ALTO, California, 29th May 2025, CyberNewsWire
Authorities in Pakistan have arrested 21 individuals accused of operating "Heartsender," a once popular spam and malware dissemination service that operated for more than a decade. The main clientele for HeartSender were organized crime groups that tried to trick victim companies into making payments to a third party, and its alleged proprietors were publicly identified by KrebsOnSecurity in 2021 after they inadvertently infected their computers with malware.