Sandia programmers are helping the US Cybersecurity and Infrastructure Security Agency (CISA) in its hunt for hackers and cyber terrorists through an innovative program that enlists Microsoft cloud users worldwide. In March, Untitled Goose Tool was…

The European Union (EU) will soon require some technology platforms to label their Artificial Intelligence (AI)-generated images, audio, and videos with "prominent markings" showing their synthetic origins. In addition, the White House wants major AI…

Zimbra recently released patches for a cross-site scripting (XSS) vulnerability in Collaboration Suite that has been exploited in malicious attacks.  The vulnerability is tracked as CVE-2023-37580 and was disclosed earlier this month when Zimbra…

North Korea’s infamous Lazarus hacking group has been linked to two new attacks on cryptocurrency firms which led to the theft of nearly $100m in virtual currency.  CoinsPaid said in an update this week that $37.3m was stolen from the firm.  …

Large Language Models (LLMs) apply deep learning techniques to process and generate text. This Artificial Intelligence (AI) technology has resulted in the development of open source and publicly accessible tools, such as ChatGPT, Claude, Google Bard, and…

The National Security Agency (NSA) collaborated with US and international cyber agencies to issue the Cybersecurity Advisory (CSA) titled "Preventing Web Application Access Control Abuse," which warns that vulnerabilities in web applications, including…

Hackers could exploit a legitimate Windows search feature to download arbitrary payloads from remote servers and compromise targeted systems with Remote Access Trojans (RATs) such as AsyncRAT and Remcos RAT. According to Trellix, the novel attack…

Three vulnerabilities in the popular WordPress form-building plugin Ninja Forms could enable attackers to escalate privileges and steal user data. Patchstack disclosed the three vulnerabilities to the plugin's developer, Saturday Drive, warning that they…

According to Netskope, for every 10,000 enterprise users, an enterprise organization faces around 183 incidents of sensitive data being posted to ChatGPT per month. Source code makes up the largest share of exposed sensitive data. Based on data from…

Developers are increasingly implementing security testing as part of the development pipeline. However, there is still room for improvement as only a minority of companies test software during development or before committing code. According to Snyk's…

Insider Computer Abuse (ICA), also known as the unauthorized and intentional misuse of organizational information resources by insiders, remains a significant threat to the security of organizational information systems. Recent studies have shown that…

Field hospitals and emergency response Information Technology (IT) infrastructure are confronted with the same cybersecurity challenges as any other IT infrastructure, but the consequences can be fatal. Hackers and scammers attempting to exploit…