Apple recently updated visionOS, the operating system powering its Vision Pro virtual reality headset, to version 1.2, which addresses several vulnerabilities, including what may be the first security flaw that is specific to this product.  The company noted that the update patches nearly two dozen vulnerabilities.  However, a vast majority of them are in components that visionOS shares with other Apple products, such as iOS, macOS and tvOS.

British semiconductor giant Arm has recently warned customers about a memory safety bug in Mali GPU kernel drivers that has been exploited in the wild.  The vulnerability is tracked as CVE-2024-4610 and is a use-after-free issue that could be exploited by local users to make improper GPU memory processing operations.  The company noted that successful exploitation of the flaw allows a non-privileged attacker to access previously freed memory.  According to Arm, CVE-2024-4610 impacts the Bifrost and Valhall GPU kernel drivers.

Researchers from the University of Illinois Urbana-Champaign found that GPT-4-powered teams of bots can scan websites for zero-day vulnerabilities and attack them with 53 percent success. According to the researchers, Large Language Models (LLMs) can collaborate and work more effectively than a single instance of chatbot in exploiting real-world vulnerabilities. Their paper shows up to 4.5 times improvement over a standalone Artificial Intelligence (AI) agent.

Cisco's Talos research and threat intelligence unit found 15 vulnerabilities impacting AutomationDirect’s Productivity series Programmable Logic Controllers (PLCs). The vulnerabilities are all classified as being of high or critical severity. They can be exploited for Remote Code Execution (RCE) or Denial-of-Service (DoS) attacks, potentially disrupting industrial environments and causing significant costs.

According to Forescout's "The Riskiest Connected Devices in 2024" report, the number of Internet of Things (IoT) devices with vulnerabilities has increased by 136 percent. The study, involving the analysis of data from about 19 million devices, discovered that the proportion of IoT devices containing vulnerabilities increased from 14 percent in 2023 to 33 percent in 2024. Wireless access points, routers, printers, and IP cameras were the most vulnerable IoT devices. This article continues to discuss key findings from Forescout's report on the riskiest connected devices.

Security researchers at Huntr discovered a critical-severity vulnerability in the PyTorch machine learning library that could be exploited for remote code execution.  The vulnerability CVE-2024-5480 impacts the distributed RPC (Remote Procedure Call) framework of PyTorch.  The researchers said that the issue exists because the framework does not verify the functions called during RPC operations.

An anonymous threat actor has recently posted what they claim to be 270GB of source code stolen from the New York Times.  The alleged leak was first spotted by security researchers at vx-underground.  The researchers believe the actor targeted the New York Times’ GitHub account.

In a new update, Auction house Christie’s informed authorities that the data breach caused by a recent ransomware attack impacted the information of roughly 45,000 individuals.  The intrusion was discovered on May 9.  An investigation showed that the attackers managed to steal some files containing personal information. The notification letter sample submitted by Christie’s to the Maine AG does not specify what type of data was compromised besides names, driver’s license numbers, and non-driver identification card numbers.

Cleveland City Hall recently announced a temporary closure after a significant "cyber incident" that impacted the city's systems.  The city has been forced to shut down most internal systems to prevent further damage and investigate a significant cybersecurity breach.  The extent of the damage is not yet known.  City staff were told on Sunday night that they could not access most internal systems in the morning, with only essential and emergency services being maintained.

A new vulnerability has been discovered in EmailGPT, a Google Chrome extension and Application Programming Interface (API) service that uses OpenAI's GPT models to help Gmail users write emails. According to the Synopsys Cybersecurity Research Center (CyRC), the flaw allows attackers to control the Artificial Intelligence (AI) service by entering harmful prompts. The system may reveal sensitive information or execute unauthorized commands due to these malicious prompts. The issue can be exploited by anyone with EmailGPT access, raising concerns about widespread abuse.