Cloud Security‘LLM hijacking’ of cloud infrastructure uncovered by researchersLaura FrenchOctober 3, 2024Attackers leverage exposed access keys to run chatbot services at the victim’s expense.
Vulnerability ManagementIvanti warns critical flaws in Endpoint Manager exploited in the wildShaun NicholsOctober 3, 2024Ivanti is advising administrators to get up to date on their patches following a new spell of exploits against Endpoint Manager (EPM).
Network Security14 DrayTek vulnerabilities patched, including max-severity RCE flawLaura FrenchOctober 2, 2024More than 267,000 internet-exposed routers are likely vulnerable to exploitation.
Network SecurityZimbra email platform under active attack, RCE possibleShaun NicholsOctober 2, 2024If properly executed, the exploit would allow an attacker to obtain remote code execution on the target server.
RansomwareNorth Korean’s Stonefly shifts from espionage to ransomware, extortionSteve ZurierOctober 2, 2024While it not has been successful on its first wave of attacks, security pros warn that Stonefly intends to extort U.S. companies via ransomware.
Network SecuritySAP, D-Link flaws among 4 added to Known Exploited Vulnerabilities catalogLaura FrenchOctober 1, 2024Older, unpatched vulnerabilities remain a risk for organizations.
RansomwareEvil Corp/REvil malware crime group outed as a family affairShaun NicholsOctober 1, 2024The Evil Corp/Revil malware operation was the work of a small group of criminals who had family ties and Kremlin connections.
Critical Infrastructure SecurityOver two dozen critical bugs found in voter registration, court systemsSteve ZurierOctober 1, 2024One of the vulnerabilities could let a threat actor with limited skills cancel voter registrations.
AI/MLCybersecurity experts praise veto of California’s AI safety billLaura FrenchSeptember 30, 2024Despite its good intentions, many experts said the bill took a flawed approach to regulating AI safety.
Application securityResearchers hacked Kia cars armed with only license plate numbersShaun NicholsSeptember 30, 2024A team of security researchers discovered a vulnerability that allows for Kia cars to be remotely compromised with nothing more than a license plate number.