-
A newly discovered vulnerability in the AI supply chain—termed Model Namespace Reuse—permits attackers to achieve Remote Code Execution (RCE) across major AI platforms, including Microsoft Azure AI Foundry, Google Vertex AI, and thousands of open-sourc…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert about a serious security hole in certain TP-Link devices. This flaw, tracked as CVE-2020-24363, allows an attacker on the same network to take control without needing …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
PagerDuty, a leader in digital operations management, has confirmed a security incident that resulted in unauthorized access to some of its data stored in Salesforce. The company stated that no PagerDuty platform credentials were compromised and that the breach resulted from a vulnerability in a third-party application, Salesloft Drift. The incident’s timeline began on August […] The post PagerDuty Confirms Data Breach After Third-Party App Vulnerability Exposes Salesforce Data appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
More than 1,100 instances of Ollama—a popular framework for running large language models (LLMs) locally—were discovered directly accessible on the public internet, with approximately 20% actively hosting vulnerable models that could be exploited by un…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The recently emerged DireWolf ransomware group has launched a sophisticated new campaign targeting Windows systems worldwide, employing ruthless tactics to delete event logs, erase backup-related data, and thwart recovery efforts. First sighted in May …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A low-severity security issue in Apache DolphinScheduler has been addressed in the latest release. Identified as CVE-2024-43166 and classified under CWE-276: Incorrect Default Permissions, this vulnerability affects all DolphinScheduler versions prior …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The U.S. District Court for the District of Columbia today imposed landmark remedies in the Justice Department’s monopolization case against Google, ordering the tech giant to share critical search data with competitors and outlawing exclusive distribu…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
NVIDIA today released critical security updates for its BlueField, ConnectX, DOCA, Mellanox DPDK, Cumulus Linux, and NVOS products. The Partner Security Bulletin addresses multiple vulnerabilities that could allow denial of service (DoS), escalation of…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Google has released Chrome 140 to the stable channel for Windows, Mac, and Linux. This update will roll out to users over the coming days and weeks. The new version, 140.0.7339.80 for Linux and 140.0.7339.80/81 for Windows and Mac, delivers several sec…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The BC-SECURITY team has released a major update to its flagship offensive security framework, Empire, introducing enhanced agent capabilities and comprehensive API support designed to streamline post-exploitation operations and adversary emulatio…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
