News
-
"Researchers Uncover Vulnerabilities in Open-Source AI and ML Models"About three dozen security flaws have been discovered in different open source Artificial Intelligence (AI) and Machine Learning (ML) models, some of which enable Remote Code Execution (RCE) and the theft of information.
-
"ChatGPT Jailbreak: Researchers Bypass AI Safeguards Using Hexadecimal Encoding and Emojis"Marco Figueroa, Generative Artificial Intelligence (GenAI) bug bounty programs manager at Mozilla, has disclosed new jailbreak methods that can trick the AI-driven chatbot ChatGPT into generating Python exploits and a malicious SQL injection tool.
-
"Russia Targeting Ukrainian Military Recruits With Android, Windows Malware, Google Says"Google warns of a Russian cyber espionage and influence campaign targeting military recruits in Ukraine to hinder the country's mobilization efforts.
-
"New Tool Bypasses Google Chrome's New Cookie Encryption System"The "Chrome-App-Bound-Encryption-Decryption" tool released by cybersecurity researcher Alexander Hagenah can bypass Google's new App-Bound encryption cookie-theft defenses and extract saved credentials from the Chrome web browser.
-
"AI Hallucinations Can Pose a Risk to Your Cybersecurity"One of the most significant challenges associated with Artificial Intelligence (AI) hallucinations in cybersecurity is that the error can result in an organization failing to recognize a potential threat.
-
"Notorious Hacker Group TeamTNT Launches New Cloud Attacks for Crypto Mining"The "TeamTNT" cryptojacking group is behind a new large-scale campaign targeting cloud-native environments for mining cryptocurrencies and renting out breached servers to third-parties.
-
"Evasive Panda's CloudScout Toolset Targets Taiwan"The Advanced Persistent Threat (APT) group "Evasive Panda" developed a toolset named "CloudScout," which has been targeting Taiwanese institutions to steal cloud-based data.
-
"Researchers Uncover OS Downgrade Vulnerability Targeting Microsoft Windows Kernel"Attackers could use a new technique to evade Microsoft's Driver Signature Enforcement (DSE) on fully patched Windows systems, resulting in Operating System (OS) downgrade attacks.
-
"US Says Chinese Hackers Breached Multiple Telecom Providers"The US Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) have disclosed that hackers affiliated with the People's Republic of China (PRC) breached US commercial telecommunications service providers.
-
"Fog Ransomware Targets SonicWall VPNs to Breach Corporate Networks"The "Fog" and "Akira" ransomware operators are using SonicWall Virtual Private Network (VPN) accounts to breach corporate networks. They are suspected of exploiting a critical SSL VPN access control flaw.
-
"Cybercriminals Use Webflow to Deceive Users into Sharing Sensitive Login Credentials"Researchers at Netskope Threat Labs warn of an increase in phishing pages created with the website builder tool Webflow, as threat actors continue to exploit legitimate services such as Cloudflare and Microsoft Sway for their own benefit.
-
"Black Basta Ransomware Poses as IT Support on Microsoft Teams to Breach Networks"The "Black Basta" ransomware operation now uses Microsoft Teams to pose as corporate help desks contacting employees about a spam attack. Since April 2022, Black Basta has launched hundreds of ransomware attacks on corporations.