Risk
-
Cursor AI editor vulnerability could enable covert code execution on folder open, researchers warn
A vulnerability in Cursor, the AI-augmented fork of Visual Studio Code, could allow attackers to silently run code on a user’s machine when a repository is opened, researchers warn, due to default Workspace Trust settings and potential autorun configurations.
-
LNER confirms customer data accessed in third-party data breach
London North Eastern Railway says customer contact details and some journey information were accessed via a third-party supplier, with no impact on ticketing or services and no storage of bank data. The company urges caution on phishing and emphasizes secure passwords.
-
Two campaigns push fake Meta Verified extensions to steal Facebook data, researchers say
Cybersecurity researchers uncovered two malvertising campaigns distributing fake Meta Verified browser extensions and rogue Chrome tools aimed at Meta advertisers, stealing Facebook cookies and account data with the goal of selling compromised assets and fueling further malvertising.
-
Backdoor.Win32.Buterat Targets Government and Enterprise Networks, Researchers Say
A new analysis from Point Wild details Buterat, a long-running backdoor that targets government and enterprise networks. The malware uses thread manipulation and encrypted C2 channels to avoid detection and maintain persistence, with defenders urged to strengthen endpoints and employee training.
-
Open AWS bucket exposes 1.6 million gym audio recordings, researchers warn of privacy risk
A security researcher says an unencrypted AWS bucket exposed 1.6 million gym audio recordings containing names, numbers and reasons for calls, highlighting privacy and security risks from stored voice data.
-
RatOn Android malware evolves into ATS-enabled remote access trojan, ThreatFabric says
ThreatFabric reports that RatOn has evolved from NFC relay attacks into an ATS-enabled Android remote access trojan, capable of automated cryptocurrency transfers, overlay ransomware-style screens, and NFC relay via NFSkate, with initial activity centered in the Czech Republic and Slovakia likely to follow.
-
18 npm Packages Published With Malware That Rewrites Crypto Destinations
Aikido Security reported that attackers pushed malicious updates to 18 npm packages on Sept. 8 that inject browser hooks to intercept and rewrite crypto transaction destinations; the company said maintainers were targeted via phishing and listed indicators including specific compromised package versions.
-
Netskope seeks up to $6.5 billion valuation in U.S. IPO
Netskope said it is seeking up to a $6.5 billion valuation in a U.S. IPO, proposing to sell 47.8 million shares at $15–$17 to raise up to $813 million; it plans to list on Nasdaq under the symbol NTSK with Morgan Stanley and J.P. Morgan as lead underwriters.
-
Plex urges password resets after data breach; authentication data exposed
Plex disclosed a data breach that exposed a subset of customer data, including emails, usernames, and securely hashed passwords. The company urged users to reset their passwords, sign out of devices, and enable two-factor authentication, noting that no payment card data was affected.
-
GhostAction: GitHub supply-chain attack exposes 3,325 secrets across hundreds of repositories
Researchers say a GitHub supply-chain campaign named GhostAction stole about 3,325 secrets across PyPI, npm, DockerHub, GitHub tokens, Cloudflare, and AWS keys, by compromising maintainer accounts to inject malicious GitHub Actions workflows that exfiltrate secrets to an attacker-controlled endpoint.
