If you have a Fortinet firewall, it's time to stop and change your passwords. Intruders somehow gained access to around 75,000 Fortinet firewall devices and stole credentials belonging to major corporations across 194 countries, in some cases leading to full network compromise.
Thank you @jessicalyons.bsky.social & @theregister.com for letting me call ShinyHunters scumbags 😂
"I'm concerned about what they are leaving behind: What type of C2 on a sleep cycle is still lingering in these environments?" TrendAI VP Tom Kellermann told me in an exclusive interview about the never-before-seen campaign.
Turns out Gemini makes a perfect hacking partner.
An npm-slop package “mouse5212-super-formatter” targeting Claude users and acting as a stealer reached 676 downloads before being removed from the registry - and after making a major vibe coding blunder.
Data theft and extortion group ShinyHunters exploited a critical Oracle PeopleSoft bug as a zero-day to compromise more than 100 organizations, including the University of Nottingham, across 300 vulnerable instances, beginning in May.
The “jailbreak” that prompted the Trump administration to block Anthropic’s most advanced models was a three-word prompt: “Fix this code.” That's according to Luta Security CEO @k8em0.bsky.social - the only outside expert to read the research paper on the guardrail bypass that prompted the ban.
“At first, yes, this means more patches and thus more work for admins,” @dustinchilds.bsky.social told me. “The goal over time would be to eliminate as many as possible, and, over time, that monthly number goes down.”
"A national agency having 844 MB of production infrastructure material in a public GitHub repository for six months is as serious as a secrets leak gets," GitGuardian researcher Guillaume Valadon told me.
Nightmare Eclipse, the prolific bug hunter and possibly disgruntled ex-Microsoft employee, released another 0-day - this one is No. 7 - just hours after Microsoft's Patch Tuesday security updates. www.theregister.com/security/202...
