Widely known artificial intelligence email assistant EmailGPT was discovered by researchers from Synopsys' Cybersecurity Research Center to be impacted by a medium-severity prompt injection vulnerability, which could be exploited to enable data exposure, financial loss, and denial-of-service attacks, according to Hackread.
Vulnerable Apache RocketMQ instances impacted by the critical remote code execution bug, tracked as CVE-2023-33246, are being targeted by the Muhstik botnet to facilitate more expansive distributed denial-of-service and cryptocurrency mining intrusions, reports The Hacker News.
Fixes have been issued by Taiwanese networking device manufacturer Zyxel to address five security vulnerabilities impacting its NAS326 and NAS542 network-attached storage devices that have not been supported since the end of 2023, including three critical flaws that could be exploited to facilitate remote code execution and command injection attacks, according to The Register.
CyberScoop reports that NSO Group's Pegasus spyware targeted five journalists and two activists in Europe, most of whom were in exile, from August 2020 to June 2023.
Canadian province British Columbia had 22 government email inboxes compromised following a suspected state-sponsored cyberattack that commenced in April, which exposed information from nearly 20 individuals, reports The Record, a news site by cybersecurity firm Recorded Future.
Data breach notification service Have I Been Pwned has been updated to include 361 million email addresses from credentials exfiltrated in credential-stuffing attacks and password-stealing malware intrusions that have been leaked on Telegram channels used by cybercriminals, BleepingComputer reports.
Millions of modems by U.S. broadband provider Cox could have been hacked through the exploitation of several authentication bypass vulnerabilities that could enable privilege escalation and data exfiltration activities, reports The Hacker News.
More than 900 of almost 2,300 official government email addresses belonging to politicians of Great Britain, France, and European Parliament have been exposed on the dark web, mostly impacting British senior government and opposition members, whose email addresses appeared over 2,100 times, SecurityWeek reports.
Fast Five
Selected by the SC Media Editorial team every Tuesday.
Sign up now for the top five issues cybersecurity pros need to know this week.