Cybersecurity researchers have uncovered a critical vulnerability in the artificial intelligence supply chain that enables attackers to achieve remote code execution across major cloud platforms including Microsoft Azure AI Foundry, Google Vertex AI, and thousands of open-source projects. The newly discovered attack method, termed “Model Namespace Reuse,” exploits a fundamental flaw in how AI platforms […] The post New Namespace Reuse Vulnerability Allows Remote Code Execution in Microsoft Azure AI, Google Vertex AI, and Hugging Face appeared first on Cyber…

A comprehensive security investigation has uncovered a disturbing reality in the artificial intelligence infrastructure landscape: more than 1,100 instances of Ollama, a popular framework for running large language models locally, have been discovered exposed directly to the internet. This widespread exposure represents a significant security breach that affects organizations across multiple countries and continents. The […] The post 1,100 Ollama AI Servers Exposed to Internet With 20% of Them are Vulnerable appeared first on Cyber Security News.

A sophisticated new ransomware strain known as Dire Wolf has emerged as a significant threat to organizations worldwide, combining advanced encryption techniques with destructive anti-recovery capabilities. The malware group first appeared in May 2025 and has since targeted 16 organizations across diverse industries including manufacturing, IT, construction, and finance in regions spanning Asia, Australia, Italy, […] The post New Dire Wolf Ransomware Attack Windows Systems, Deletes Event Logs and Backup-Related Data appeared first on Cyber Security News.

A critical security vulnerability affecting Apache DolphinScheduler’s default permission system has been identified and patched, prompting urgent update recommendations from the Apache Software Foundation. The vulnerability, which stems from overly permissive default configurations in the popular workflow scheduling platform, allows unauthorized users to execute arbitrary workflows and access sensitive system resources without proper authentication controls. […] The post Apache DolphinScheduler Default Permissions Vulnerability Fixed – Update Now appeared first on Cyber Security News.

The U.S. District Court for the District of Columbia has ordered Google to share critical search data with competitors while allowing the tech giant to retain ownership of its Chrome browser. The decision, announced Tuesday by the Department of Justice’s Antitrust Division, represents a significant victory in the government’s ongoing battle against Google’s search monopoly […] The post Google Won’t Be Forced to Sell Chrome, But Must Share Search Data With Rivals appeared first on Cyber Security News.

A sophisticated new backdoor malware has emerged from the shadows, operating undetected for over 20 months while infiltrating networks through an ingenious dual-mode activation system. Initially discovered masquerading as a Mirai variant, MystRodX represents a significant evolution in stealth malware design, utilizing DNS queries and ICMP packets as covert communication channels to evade traditional security […] The post MystRodX Leveraging DNS and ICMP to Steal Sensitive Data From Hacked Systems appeared first on Cyber Security News.

A sophisticated phishing operation has been running undetected for over three years across Google Cloud and Cloudflare infrastructure, impersonating major corporations including defense contractor Lockheed Martin. The campaign, which utilized advanced cloaking techniques and compromised expired domains, demonstrates a concerning failure in detection capabilities by two of the internet’s largest service providers. The operation began […] The post Phishing Campaign Went Undetected for Over 3 Years on Google Cloud and Cloudflare appeared first on Cyber Security News.

Disney Worldwide Services, Inc. and Disney Entertainment Operations LLC have agreed to pay $10 million in a landmark settlement to resolve allegations that they systematically collected personal data from children under 13 in violation of the Children’s Online Privacy Protection Act (COPPA) Rule. The U.S. Department of Justice, acting at the behest of the Federal […] The post Disney Agreed to Pay $10 Million for Collection Personal Data From Children appeared first on Cyber Security News.

A sophisticated new Python-based information stealer has emerged in the cybersecurity landscape, demonstrating advanced capabilities for data exfiltration through Discord channels. The malware, identified as “Inf0s3c Stealer,” represents a significant evolution in the realm of data theft tools, combining traditional system reconnaissance techniques with modern communication platforms to avoid detection while efficiently harvesting sensitive information […] The post New Stealthy Python Malware Leverages Discord to Steal Data From Windows Machines appeared first on Cyber Security News.