Anthropic introduced an agent identity model for Claude Tag, its AI assistant designed for team collaboration in shared workspaces. The model gives Claude its own identity, permissions, and tool access, configured by administrators and tied to a workspace or channel. Because C...
A standard non-admin account is sufficient to conduct an attack that exploits legitimate OS behavior rather than software vulnerabilities. The post macOS Weaknesses Chained to Silently Disable Endpoint Security Agents appeared first on SecurityWeek.
The company said in a regulatory filing that it became aware of the incident on Tuesday morning and had taken precautionary measures to contain its impact.
Nathan Austad has been ordered to pay roughly $1.8 million in forfeiture and restitution, and the sentence also includes 3 years of supervised release. The post Third DraftKings Hacker Sentenced to 18 Months in Prison appeared first on SecurityWeek.
The flaws allow remote, unauthenticated attackers to make system changes, access underlying accounts, and inject commands. The post Critical Ubiquiti Vulnerabilities in Attackers’ Crosshairs appeared first on SecurityWeek.
On June 24, 2026, Microsoft’s Digital Crimes Unit (DCU) facilitated the takedown, suspension, and blocking of domains that formed the backbone of the StealC and Amadey infrastructure. This blog is a technical breakdown of StealC and Amadey. The post StealC and Amadey: Breaking...
Microsoft, with law enforcement and industry partners, disrupted more than 200 command and control servers for Amadey and StealC, often used in conjunction. The post In a first, a court takedown goes after two cybercrime tools at once appeared first on CyberScoop.
Healthcare technology company Xsolis confirmed that a phishing attack resulted in unauthorized access to its network. The company develops AI-powered software for hospitals, health systems, and health plans and serves more than 600 hospitals and health insurers. “On January 22...
SuperOps and Guardz announced a strategic partnership, combining their platforms into a single bundled offering for managed service providers (MSPs). The package brings professional services automation (PSA), remote monitoring and management (RMM), mobile device management (MD...
Context is the central plank of AI in general, and agentic AI in particular. If an AI system doesn’t have the correct context, it cannot make the correct decisions. The post Agentic AI Security: Wrong Context, Wrong Decisions at Machine Speed appeared first on SecurityWeek.
Mistic is used by Woodgnat, an initial access broker working with Qilin, Interlock, Rhysida, Akira, 8Base, and Black Basta. The post New ‘Mistic’ RAT Opens Door to Several Ransomware Families appeared first on SecurityWeek.
ransomware
Help Net Security · The Hacker News · SecurityWeek · BleepingComputer4 stories
We are standing at the end of an era we never thought to mourn: the era of human-speed threats. For years, cybersecurity moved to a rhythm organizations could follow. A researcher found a bug, a CVE was cataloged, a vendor navigated a patch cycle, and weeks or even months late...
A new backdoor dubbed Mistic has been observed in financially motivated attacks targeting organizations in the insurance, education, IT, and professional services sectors. [...]
Over a dozen Klue customers have confirmed that hackers stole data from their Salesforce instances. The post BeyondTrust, LastPass Impacted by Klue-Salesforce Incident appeared first on SecurityWeek.
AILastPass confirmed a data breach after attackers used OAuth tokens stolen in the Klue supply chain attack to access customer data stored in its Salesforce environment.
FortiBleed exposed valid credentials for 73,000+ Fortinet firewalls, revealing a large-scale access-brokering operation targeting organizations worldwide. In mid-June 2026, researcher Volodymyr “Bob” Diachenko found a live, exposed server containing working login credentials f...