thecyberexpress

New AI Vulnerability Scoring System Announced to Address Gaps in CVSS

A new vulnerability scoring system has just been announced. The initiative, called the AI Vulnerability Scoring System (AIVSS), aims to fill the gaps left by traditional models such as the Common ...
thecyberexpress

Illuminate Education Fined $5.1 Million for Failing to Protect Student Data

The Attorneys General of California, Connecticut, and New York have announced a $5.1 million settlement with Illuminate Education, Inc., an educational technology company, for failing to adequately ...
thecyberexpress

India Rolls Out Digital Life Certificate 4.0, Urges Pensioners to Stay Cyber Safe

The Government of India’s Department of Pension & Pensioners’ Welfare (DoPPW) has launched the Digital Life Certificate (DLC) Campaign 4.0, a national drive to make pension services more accessible ...
thecyberexpress

AI Malware Detected in the Wild as Threats Evolve

AI malware may be in the early stages of development, but it’s already being detected in cyberattacks, according to new research published this week. Google researchers looked at five AI-enabled ...
thecyberexpress

Brazilian “Caminho” Loader Turns Images into Malware Delivery Chain

A newly identified loader dubbed “Caminho” (Portuguese for “path”) has emerged as a sophisticated Loader-as-a-Service platform that uses Least Significant Bit (LSB) steganography to conceal malicious ...
thecyberexpress

North Korean Hackers Deploy “Drone” Malware in Targeting of European UAV Manufacturers

The name said it all: DroneEXEHijackingLoader.dll. That internal file name, buried in malicious code delivered to three European defense contractors, revealed what security researchers now believe ...
thecyberexpress

CISA Adds Microsoft, Apple and Oracle Vulnerabilities to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added five CVEs to its Known Exploited Vulnerabilities (KEV) catalog today, including Microsoft, Apple and Oracle vulnerabilities. CISA ...
thecyberexpress

How “Unseeable Prompt Injections” Threaten AI Agents

A new form of attack is targeting browsers with built-in AI assistants. Researchers at Brave have found that seemingly harmless screenshots and web pages can hide malicious instructions that hijack ...
thecyberexpress

U.S. Accuses Former Security Company Official of Stealing Trade Secrets to Sell to Russian Buyer

The U.S. government has apparently charged a former cybersecurity company official with stealing trade secrets with the intention of selling them to a Russian buyer, according to court documents and ...
thecyberexpress

SessionReaper Exploits Erupt as Magento Sites Lag on Patching

Six weeks after Adobe shipped an emergency fix, attackers have begun weaponizing SessionReaper — and most Magento stores still stand exposed. Security firm Sansec’s forensics team said it blocked ...
thecyberexpress

Russian State-Sponsored COLDRIVER Group Deploys New Malware After Exposure of LOSTKEYS

Following the public disclosure of its LOSTKEYS malware in May 2025, the Russian state-sponsored threat group known as COLDRIVER, also tracked under aliases such as UNC4057, Star Blizzard, and ...
thecyberexpress

Compromised YouTube Accounts Used to Distribute Infostealer Malware

More than 3,000 malicious YouTube videos were used to distribute infostealer malware, according to a new report detailing the operation. Dubbed the “YouTube Ghost Network” by Check Point Research, the ...