Security News

A suspected pro-Houthi threat group targeted at least three humanitarian organizations in Yemen with Android spyware designed to harvest sensitive information. "The OilAlpha threat group is highly likely active and executing targeted activity against humanitarian and human rights organizations operating in Yemen, and potentially throughout the Middle East," the cybersecurity company said.

The "AI Leaders Spill Their Secrets" webinar, hosted by Sigma Computing, featured prominent AI experts sharing their experiences and strategies for success in the AI industry. Audience Interaction and Future Trends# Panelists answered audience questions about the future of AI, emphasizing the role of accuracy, trust, and the balance between human decision-making and AI automation.

Houndreds of housands and possibly millions of Windows computers and servers worldwide have been made inoperable by a faulty update of Crowdstrike Falcon Sensors, and the outage affected transport, broadcast, financial, retail and other organizations in Europe, Australia, the US and elsewhere. What initially seemed like it might be a Microsoft problem is now confirmed to have been created by Crowdstrike, i.e., its endpoint security agent.

"APT41 successfully infiltrated and maintained prolonged, unauthorized access to numerous victims' networks since 2023, enabling them to extract sensitive data over an extended period," Google-owned Mandiant said in a new report published Thursday. Attack chains involve the use of web shells, custom droppers, and publicly available tools to achieve persistence, deliver additional payloads, and exfiltrate data of interest.

SolarWinds has addressed a set of critical security flaws impacting its Access Rights Manager software that could be exploited to access sensitive information or execute arbitrary code. Of the 11 vulnerabilities, seven are rated Critical in severity and carry a CVSS score of 9.6 out of 10.0.

Updated An update to a product from infosec vendor CrowdStrike is bricking computers running Windows globally. The Register has found numerous accounts of Windows 10 PCs crashing, displaying the Blue Screen of Death, then being unable to reboot.

Indian crypto exchange WazirX has revealed it lost virtual assets valued at over $230 million after a cyber attack that has since been linked to North Korea. According to a late Thursday WazirX Xeet, the attack targeted one of its multi-signature wallets - digi-cash lockers that are designed to offer superior security by requiring multiple private keys to authorize a transaction.

China has asserted that the Volt Typhoon gang, which Five Eyes nations accuse of being a Beijing-backed attacker that targets critical infrastructure, was in fact made up by the US intelligence community. The nation's National Computer Virus Emergency Response Center, National Engineering Laboratory for Computer Virus Prevention Technology, and infosec vendor 360 Digital Security Group last week published a report [PDF] on Vault Typhoon titled ": A secret Disinformation Campaign targeting US Congress and Taxpayers conducted by US Government agencies.

As GenAI models used for natural language processing, image generation, and other complex tasks often rely on large datasets that must be transmitted between distributed locations, including data centers and edge devices, WAN optimization is essential for robust deployment of GenAI applications at a scale. WAN optimization can significantly enhance AI acceleration by improving data transfer speeds, reducing latency, and optimizing the use of network resources, thus ensuring faster response times.

"A cyber attack occurred in one of our wallets involving a loss of funds exceeding $230 million," the company said in a statement. The Mumbai-based company said the attack stemmed from a mismatch between the information that was displayed on Liminal's interface and what was actually signed.