Cyber Security – Page 4 – Simply Secure Group

New ChatGPT Lockdown Mode to Mitigate Prompt Injection and Data Exfiltration Attacks

OpenAI has released ChatGPT Lockdown Mode, a new security feature designed to limit outbound network access and reduce the risk of data exfiltration from prompt-injection attacks. The feature is now available to eligible personal accounts, self-serve ChatGPT Business users, and managed enterprise workspaces. Prompt injection, where malicious instructions are embedded in content processed by an […]

CISA Warns of SolarWinds Serv-U Vulnerability Exploited in Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical SolarWinds Serv-U vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning that threat actors are actively exploiting the flaw in the wild. Tracked as CVE-2026-28318, the vulnerability affects SolarWinds Serv-U file transfer software and enables unauthenticated attackers to crash the service through specially […]

OWASP CVE Lite CLI New Tool to Scan for Vulnerabilities in Your Projects

CVE Lite CLI is a free, open-source vulnerability scanner officially recognized as an OWASP Incubator Project, designed to bring dependency security directly into developers’ terminals rather than leaving it buried in CI pipelines. Maintained by Sonu Kapoor and backed by the same organization behind the OWASP Top 10, the tool addresses a longstanding gap in […]

Hola Browser for Windows Delivery Pipeline Compromised to Deliver Cryptominer

A trusted browser application has landed at the center of a supply chain security incident after researchers discovered that its official delivery pipeline had been quietly compromised. Hola Browser for Windows, used by millions of users around the world, was found distributing an unexpected executable file alongside its legitimate installer. The file, named me.exe, was […]

VECT 2.0 Ransomware Can Damage Files Its Own Decryptor Cannot Reliably Restore

A new ransomware strain called VECT 2.0 is raising serious concerns among security professionals, and for a troubling reason — even if a victim pays the ransom, the attacker’s own decryptor may not fully restore their files. This is not a typical failure tied to weak defenses or victim error. The damage, in many cases, […]

ClawHub, Cisco, Vercels Malicious Skill Detector Bypassed to upload Malicious Skills

AI skill scanners from ClawHub, Cisco, and Vercel’s skills. The platform can be bypassed with minimal effort, allowing malicious skills to be uploaded and distributed through public marketplaces. The findings highlight a growing supply chain risk in agent ecosystems, where skills serve as reusable components that can execute code and influence model behavior. The Trail […]

IronWorm Supply Chain Attack Uses Malicious npm Packages to Steal Developer Secrets

A newly discovered malware campaign called IronWorm has been silently targeting software developers through poisoned npm packages, stealing credentials, API keys, and even cryptocurrency wallet recovery phrases. The attack is built to spread itself through trusted developer workflows, making it one of the more sophisticated supply-chain threats seen in recent years. The malware travels inside […]

Hackers Abusing Microsoft Teams and Google Drive to Deploy Remote Access Malware

Hackers are increasingly abusing trusted enterprise platforms such as Microsoft Teams and Google Drive to deploy stealthy remote access malware, with a newly observed campaign leveraging social engineering and cloud-based command-and-control to evade detection. In early April 2026, eSentire’s Threat Response Unit (TRU) identified a targeted intrusion against a legal sector organization in which attackers […]

New Google Gemini Vulnerability Exploited via Prompt Injections from WhatsApp, Slack, and SMS

A new class of indirect prompt injection (IPI) attacks targets Google Gemini’s voice assistant, allowing attackers to silently hijack the AI through malicious payloads delivered via everyday messaging apps, including WhatsApp, Slack, Signal, SMS, Instagram, and Messenger. The research, led by Or Yair, Security Research Team Lead at SafeBreach, builds on the firm’s earlier “Invitation […]

Hackers Use YouTube and SEO Poisoning to Spread WeedHack Minecraft Malware

Hackers are hiding dangerous malware inside what look like popular Minecraft mods and game clients, using YouTube videos and search engine tricks to pull unsuspecting players into their trap. The campaign, known as WeedHack, has been quietly running since January 2026 and has already racked up over 116,000 victims worldwide. What makes this campaign particularly […]

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.