Framelink Figma MCP Server Opens Orgs to Agentic AI Compromise Summary A high-severity command-injection flaw (CVE-2025-53967, CVSS 7.5) was discovered in Framelink’s Figma MCP server integration. The vulnerability exists in…
LockBit, Qilin & DragonForce Join Forces in Ransomware ‘Cartel’ Summary Three major ransomware and extortion groups — LockBit, Qilin and DragonForce — have announced a coalition-style collaboration, inviting other cybercriminal…
Red Hat Hackers Team Up With Scattered Lapsus$ Hunters Summary Crimson Collective — a new extortion-focused crime group — claims to have breached a self-managed GitLab instance used by Red…
Vampire Bot Malware Sinks Fangs Into Job Hunters Summary A Vietnam-based threat group tracked as BatShadow has been running a phishing campaign aimed at job seekers and digital marketing professionals.…
Chaos Ransomware Upgrades With Aggressive New C++ Variant Summary FortiGuard Labs has documented a new, more aggressive Chaos ransomware variant rewritten in C++ (Chaos-C++). The variant introduces faster, more destructive…
Take Note: Cyber-Risks With AI Notetakers Summary AI notetaking tools — whether built into meeting platforms or run as third-party apps like Granola or Limitless — are now common in…
SonicWall: 100% of Firewall Backups Were Breached Summary SonicWall has updated its incident disclosure to say that an earlier-reported cloud backup breach affected firewall configuration backup files for every customer…
GitHub Copilot ‘CamoLeak’ AI Attack Exfiltrates Data Summary Researcher Omer Mayraz (Legit Security) demonstrated a proof-of-concept called “CamoLeak” that can coax GitHub Copilot into leaking small but sensitive items —…
Deepfake Awareness High at Orgs, But Cyber Defences Badly Lag Summary Organisations are increasingly encountering AI-augmented deepfake attacks — from AI-crafted phishing emails to audio and video impersonations — yet…
Chinese Hackers Use Velociraptor IR Tool in Ransomware Attacks Summary Researchers from Cisco Talos observed China-based threat group Storm-2603 (also tracked as Gold Salem) abusing the open-source DFIR tool Velociraptor…
