Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise
Cisco has released updates to address a critical security flaw in the Integrated Management Controller (IMC) that, if successfully exploited, could allow an ...
Amazon
20 articles
New Progress ShareFile flaws can be chained in pre-auth RCE attacks
Two vulnerabilities in Progress ShareFile, an enterprise-grade secure file transfer solution, can be chained to enable unauthenticated file exfiltration from...
The European Commission confirms attack on its Europa web platform
The European Commission has confirmed a cyberattack affecting its Europa.eu web platform, with initial reports indicating that the attackers accessed the dat...
Cambodia extradites alleged cyber scam linchpin to China as crackdown intensifies
Li Xiong was the head of Huione Group, whose branded entities at one time included an online banking arm, cryptocurrency exchange and online marketplace whic...
Cisco Faces Alleged Data Leak as ShinyHunters Claims Responsibility
Cisco is actively dealing with a major cybersecurity incident after threat actors breached its internal development networks. The notorious hacking group Shi...
ImageMagick Zero-Day Enables RCE on Linux and WordPress Servers
New research from Octagon Networks reveals a critical zero-day ImageMagick vulnerability that allows Remote Code Execution (RCE) via simple image uploads aff...
CrewAI Hit by Critical Vulnerabilities Enabling Sandbox Escape and Host Compromise
CrewAI, a prominent tool used by developers to orchestrate multi-agent AI systems, is currently vulnerable to a chain of critical security flaws. By using di...
OkCupid, Match Group settle with FTC over unlawful data sharing with AI firm
Dating app OkCupid and its parent company Match Group Americas have reached a settlement with the Federal Trade Commission, following the latter's lawsuit th...
New compliance guide available: ISO/IEC 27001:2022 on AWS
We’re excited to announce the release of our latest compliance guide, ISO/IEC 27001:2022 on AWS, which provides practical guidance for organizations designin...
Amazon sends AI agents into pen testing and DevOps
Amazon’s latest AI capabilities bring on-demand penetration testing through the AWS Security Agent, alongside the AWS DevOps Agent. “These agents are changin...
Maryland Man Charged Over $53m Uranium Finance Crypto Hack
Maryland man accused of $53m Uranium Finance hack, exploited smart contract flaws, laundered funds
TeamPCP Moves From OSS to AWS Environments
After validating stolen credentials using TruffleHog, the hacking group started AWS services enumeration and lateral movement activities. The post TeamPCP Mo...
What’s new in Tenable Cloud Security: Custom policies, AWS ABAC, and research-driven protection
Stop the noise and scale your cloud security. Our latest updates introduce custom policy automation via Explorer, AWS ABAC support for true least privilege, ...
OpenAI patches twin leaks as Codex slips and ChatGPT spills
OpenAI has fixed two flaws in its AI stack that could allow AI agents to move sensitive data in unintended ways. The issues, disclosed by researchers at Beyo...
PNG Vulnerabilities Allow Attackers to Trigger Crashes and Leak Sensitive Data
Security researchers have disclosed two high-severity vulnerabilities in libpng, the widely deployed reference library used for processing Portable Network G...
Claude AI Uncovers Zero-Day RCE Vulnerabilities in Vim and Emacs
Security researchers at Calif recently demonstrated the evolving power of artificial intelligence in vulnerability research by using Claude AI to uncover zer...
Major services accessible via exposed API keys, report finds
Nearly 2,000 API credentials enabling access to AWS, OpenAI, GitHub, and Stripe have been observed by Stanford University researchers to be exposed across 10...
LangChain path traversal bug adds to input validation woes in AI pipelines
Security researchers are warning that applications using AI frameworks without proper safeguards can expose sensitive information in basic, yet critical, non...
European Commission Confirms Cloud Data Breach
The European Commission has revealed details of a data breach impacting its AWS infrastructure
Critical Grafana Flaws Allow Attackers to Achieve Remote Code Execution
Grafana Labs has rolled out critical security updates to address two severe vulnerabilities impacting its widely used analytics and interactive visualization...