433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | info@poseidon-us.com | Office: (813) 563-2652

Vercel breached via compromised third-party AI tool

Cloud deployment and hosting platform Vercel has suffered a security breach that resulted in attackers accessing some of its internal systems and compromising Vercel credentials of a “limited subset of customers”. Advice for affected customers “The incident originated with a compromise of Context.ai, a third-party AI tool used by a Vercel employee,” the Vercel security team explained in a post published on Sunday. “The attacker used that access to take over the employee’s Vercel Google … More → The post Vercel breached via compromised third-party AI tool appeared first on Help Net Security.
http://news.poseidon-us.com/TS7SFp

AI platform ATHR makes voice phishing a one-person job

For $4,000 and a cut of the take, a lone criminal can now run a fully automated voice-phishing operation via ATHR, a plaform that spoofs emails alerts from Google, Microsoft, and Coinbase, buries a phone number in each message, and when the victim calls back, hands them off to either a human scammer or an AI voice agent. ATHR for sale AI is becoming part of everyday criminal workflows, and fueling the rise in cyber … More → The post AI platform ATHR makes voice phishing a one-person job appeared first on Help Net Security.
http://news.poseidon-us.com/TS7DPf

Meta and PortSwigger drive offensive security further to find what others miss

Meta Bug Bounty and PortSwigger have formed a partnership to help security researchers sharpen their skills, collaborate more closely, and improve vulnerability discovery. The initiative combines Meta’s bug bounty program with PortSwigger’s Burp Suite, reflecting a shared focus on improving both tooling and education for the global security community. “By joining forces, we’re not just offering resources; we’re building bridges between communities,” Meta Bug Bounty said. In this collaboration, PortSwigger is providing Burp Suite Professional … More → The post Meta and PortSwigger drive offensive security further to find what others miss appeared first on Help Net Security.
http://news.poseidon-us.com/TS75K0

EU pushes for stronger cloud sovereignty, awards €180 million to four providers

The European Commission is stepping up efforts to strengthen the EU’s digital sovereignty by awarding a cloud services tender worth up to €180 million over six years. The initiative gives EU institutions and agencies access to sovereign cloud services delivered by a group of Europe-based providers. Four vendors were selected under the tender. Post Telecom will work with CleverCloud and OVHcloud, while STACKIT and Scaleway secured contracts independently. Proximus joins the list through partnerships with … More → The post EU pushes for stronger cloud sovereignty, awards €180 million to four providers appeared first on Help Net Security.
http://news.poseidon-us.com/TS6z9T

SmokedMeat: Open-source tool shows what attackers do inside CI/CD pipelines

Boost Security has released SmokedMeat, an open-source framework that runs attack chains against CI/CD infrastructure so engineering and security teams can see what an attacker would do in their specific environment. What the tool does SmokedMeat takes a flagged pipeline vulnerability and executes a live demonstration against a team’s own infrastructure. Starting from a single vulnerability, it deploys a payload, compromises the runner, harvests credentials from process memory, exchanges those credentials for cloud access, exposes … More → The post SmokedMeat: Open-source tool shows what attackers do inside CI/CD pipelines appeared first on Help Net Security.
http://news.poseidon-us.com/TS6z8H