Trusted Cybersecurity News Platform
Since the initial disclosure of 15 vulnerabilities in November 2023, a 220% increase in vulnerabilities impacting AI systems has been discovered, bringing the total to 48 vulnerabilities. The world’s first AI/ML bug bounty program, Protect AI, analyzes the whole OSS AI/ML supply chain for significant vulnerabilities. The experts discovered that specific security risks may be…
Large language models (LLMs) have achieved superhuman performance on many benchmarks, leading to a surge of interest in LLM agents capable of taking action, self-reflecting, and reading documents. While these agents have shown potential in areas like software engineering and scientific discovery, their ability in cybersecurity remains largely unexplored. Cybersecurity researchers Richard Fang, Rohan Bindu,…
A new backdoor named “Kapeka” has been identified to be attacking victims in Eastern Europe since mid-2022. Kapeka is a flexible backdoor that acts as an initial stage toolkit for the threat actors. In addition, the backdoor also overlaps with GreyEnergy and Prestige Ransomware attacks, which are linked to a threat group named Sandworm. Sandworm threat actors…
Palo Alto Networks has shared more details of a critical security flaw impacting PAN-OS that has come under active exploitation in the wild by malicious actors. The company described the vulnerability, tracked as CVE-2024-3400 (CVSS score: 10.0), as “intricate” and a combination of two bugs in versions PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 of the software….
The MITRE Corporation, a non-profit organization that runs federally funded research and development centers, has disclosed that a sophisticated cyber attack recently compromised one of its internal research and development networks. MITRE detected the attack on one of its internal R&D networks and took immediate action to contain the incident. The attack was believed to…
There are a variety of Python security tools are using in the cybersecurity industries and python is one of the widely used programming languages to develop penetration testing tools. For anyone who is involved in vulnerability research, reverse engineering or pen-testing, Cyber Security News suggests trying out mastering in Python For Hacking From Scratch. It has highly…
Cisco introduced its latest innovation, Cisco Hypershield, marking a significant milestone in the evolution of cybersecurity. Described as the most consequential security product in the company’s history, Hypershield is a cloud-native, AI-powered solution designed to enhance the security of AI-scale data centers. This new technology is integrated directly into the network’s fabric, offering a revolutionary…
Google has announced a comprehensive update to the Chrome and Extended Stable channels. The latest release, version 124.0.6367.60/.61 for Windows and Mac and version 124.0.6367.60 for Linux, addresses 23 security vulnerabilities. This update underscores Google’s ongoing commitment to safeguarding users against the evolving landscape of cyber threats. Version and Platform Details The update has been…
In a sophisticated cyber attack, hackers have been discovered impersonating LastPass employees in an elaborate phishing campaign designed to steal users’ master passwords and hijack their accounts. This alarming development was recently highlighted by LastPass on their official blog, shedding light on the dangers posed by the CryptoChameleon phishing kit. The campaign, initially identified by cybersecurity firm…
An attacker with read-only or higher privileges on a Cisco Integrated Management Controller (IMC) can exploit a command injection vulnerability (CVE-2024-20295) to gain full control (root access) of the underlying operating system. The vulnerability exists due to insufficient validation of user-supplied input on the IMC CLI and there are no workarounds available, but software updates…