Latest news as of 8/9/2025, 12:45:51 PM
Dark Reading
A new study by researchers at Princeton University and Sentient shows it's surprisingly easy to trigger malicious behavior from AI agents by implanting fake "memories" into the data they rely on for making decisions.
The Register
Ransomware or critical infra hit? Top US manufacturer maintains steely silence Nucor, the largest steel manufacturer in the US, shut down production operations after discovering its servers had been penetrated.…
Dark Reading
The security software maker said the vulnerabilities in Endpoint Manager Mobile have been exploited in the wild against "a very limited number of customers" — for now — and stem from open source libraries.
Bleeping Computer
Google is rolling out a change to Chromium that "de-elevates" Google Chrome so it does not run as an administrator to increase security in Windows. [...]
Bleeping Computer
Google warned today that hackers using Scattered Spider tactics against retail chains in the United Kingdom have also started targeting retailers in the United States. [...]
The Register
How Adversarial Exposure Validation is changing the way we approach vulnerability management Two decades ago, CVSS revolutionized vulnerability management, enabling security teams to speak a common language when measuring and prioritizing risks posed by the vulnerability to the affected asset. However, today, the same tool that once guided us in the right direction is holding us back.… Partner content
The Hacker News
At least two different cybercrime groups BianLian and RansomExx are said to have exploited a recently disclosed security flaw in SAP NetWeaver, indicating that multiple threat actors are taking advantage of the bug. Cybersecurity firm ReliaQuest, in a new update published today, said it uncovered evidence suggesting involvement from the BianLian data extortion crew and the RansomExx ransomware
The Hacker News
Samsung has released software updates to address a critical security flaw in MagicINFO 9 Server that has been actively exploited in the wild. The vulnerability, tracked as CVE-2025-4632 (CVSS score: 9.8), has been described as a path traversal flaw. "Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to
The Register
Nightwing claims insider intel helped secure lucrative CISA work but US says decision is unrelated The Department of Homeland Security (DHS) scrapped a highly lucrative cybersecurity contract originally awarded to Leidos following a legal challenge from rival bidder Nightwing, yet insists the pushback had nothing to do with it.…
Bleeping Computer
Ransomware gangs have joined ongoing SAP NetWeaver attacks, exploiting a maximum-severity vulnerability that allows threat actors to gain remote code execution on vulnerable servers. [...]