Slopsquatting is another form of AI hallucinations. This time tied to code development that can infect the output of the AI system. The AI systems hallucinated over 20% of the repository dependencies. Very dangerous.
Another attack on software developers uses job ads. When someone replies, they are sent an infected assignment. Opening it compromises and infects their systems!
A new RAT, Remote Access Trojan, has been found allowing attackers to penetrate and take control of systems. Phishing emails are how it arrives. Healthcare and pharmaceuticals are current targets.
The same technique that was used to compromise MITRE has been found to have been used against Windows systems for a few years. It is a complex sophisticated attack.
Much was written about North Koreans being unknowingly hired by many US companies. Now Chinese nationals are getting into US companies through someone who lied and scammed the companies. Vetting new hires is getting more difficult but is more important than ever.
Insiders are always under attack through phishing, smishing, vishing and more. Why? Because attackers know insiders are users that already have access to the desired data. Learn more about this in this Insight.
Spam after spam after spam after spam after spam after spam, etc. That is a new technique attackers are using as a lead in to social engineering attacks.
Another big month for Microsoft patches. Be sure to determine which of your systems and applications are affected, the risk for each, then begin installing. Do not delay.
Actively exploited vulnerabilities are those that cyberattackers are using now to get into systems. Be sure to install the update sooner rather than later.
AI Chatbots come with many vulnerabilities and issues. Now the Android AI Perplexity chatbot was found to have 10 bugs. This makes it less secure than chatbots from ChatGPT and DeepSeek.