scworld.com

Outlet metrics

Domain Authority

Ranking

Global

#259663

United States

#192134

Computers Electronics and Technology/Computer Security

#561

Traffic sources

Monthly visitors

Articles

Jira tickets become attack vectors in PoC ‘living off AI’ attack

1 week ago | scworld.com | Laura French

Jira tickets could potentially be abused for prompt injection when support staff use AI to help handle issues. This “living off AI” proof-of-concept (PoC) attack targeting Atlassian’s Model Context Protocol (MCP) and Jira Service Management (JSM) was demonstrated by Cato Networks in a blog post Thursday. The PoC exploit highlights the risk that arise when AI systems with internal access and permissions are able to act on untrusted external inputs.
Aflac among victims in cyberattacks targeting US insurance industry

1 week ago | scworld.com | Steve Zurier

Cyberattacks on insurance companies in the U.S. are continuing as Aflac reported to the Securities and Exchange Commission (SEC) on June 20 that it discovered an attack on its network June 12. The company said the recent attack — like many others U. S. insurance companies are experiencing — was caused by a sophisticated cybercrime group via social engineering tactics. “This was part of a cybercrime campaign against the insurance industry,” said Aflac in a Friday press release.
ClickFix attacks surge as exploits see drop in popularity

1 week ago | scworld.com | Shaun Nichols

Threat actors have been increasingly relying on social-engineering tactics such as ClickFix scams to lure victims into infecting their systems with malware. Researchers with security provider ReliaQuest said that social-engineering attacks, most notably ClickFix attacks in which victims are tricked into running malicious scripts under the guise of CAPTCHA codes, now make up the majority of observed attack scams, along with techniques such as phishing emails.
42% of AI-using devs say at least half of their codebase is AI-generated

1 week ago | scworld.com | Laura French

A survey of developers who use AI in their work found that 42% said at least half of their codebase is AI-generated. Only 67% said they review AI-generated code before every deployment, despite 79.2% saying they believe AI will exacerbate open-source malware threats, according to the Cloudsmith’s Artifact Management Report 2025, published Wednesday.
GodFather banking malware creates virtual environment on victim devices

1 week ago | scworld.com | Steve Zurier

A sophisticated evolution of the GodFather banking malware was observed targeting 12 Turkish banks and scanning nearly 500 apps globally, including cryptocurrency wallets and financial platforms. The real danger here: the malware leverages an advanced on-device “Virtualization-as-a-Weapon” technique that hijacks several legitimate apps with an eye towards taking full control of a mobile device.
Cybercriminals use SEO tricks to push phishing pages

1 week ago | scworld.com | Shaun Nichols

Search Engine Optimization (SEO) has become the latest tool for attackers looking to lure in targets for phishing attacks. Researchers with security vendor Netcraft said that cybercriminals are increasingly looking to inject web pages with code designed to game search engines into prioritizing compromised content and redirecting users to attack sites.
Half of organizations struggle to locate backup data, report finds

1 week ago | scworld.com | Laura French

Half of organizations have difficulty locating backup data when they need it, a new report revealed. Eon’s 2025 State of Cloud Backup report, published Tuesday, delves into how cloud backup management strategies have lagged behind the evolution of multi-cloud environments. “In nearly every conversation we have with cloud teams, they suddenly realize how outdated their backup strategy is.
Scattered Spider group attacking US insurance industry, Google says

1 week ago | scworld.com | Steve Zurier

The Google Threat Intelligence Group (GTIG) on June 16 said that it’s now aware of “multiple” intrusions into the insurance industry in the U.S. that bear all the hallmarks of the Scattered Spider ransomware group. The news represented a shift from Scattered Spider’s recent focus on retail operations, most notably attacks on Marks & Spencer in the UK and Victoria’s Secret in the United States.
Rethinking Regex: Smarter detection for a modern threat landscape

1 week ago | scworld.com | Paul Wagenseil

Using regular expressions, or regex, was once a convenient and powerful way for web application firewalls (WAFs) to find malicious code in web requests. Sadly, it doesn't work that well anymore. Regular expressions need far too much tuning, require overly complex matching rules and fail to understand context, resulting in a high rate of false positives and an unacceptable rate of letting actual malicious code get through.
Alerts for flaws in industrial control systems include Siemens, Aveva

1 week ago | scworld.com | Shaun Nichols

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a handful of alerts to address vulnerabilities in industrial control appliances and security cameras. The U.S. cybersecurity authority said that a number of devices, including those from Siemens, Aveva, and PTZOptics, could be vulnerable to various forms of remote attack and should be updated as soon as possible.