Stay Updated with the Latest Tech News
Get ahead of the curve with the latest insights, trends, and analysis in the tech world.
Browse by Category
DeepSeek AI Database Exposed: Over 1 Million Log Lines, Secret Keys Leaked
Buzzy Chinese artificial intelligence (AI) startup DeepSeek, which has had a meteoric rise in popularity in recent days, left one of its databases exposed on the internet, which could have allowed malicious actors to gain access to sensitive data. The ClickHouse database "allows full control over database operations, including the ability to access internal data," Wiz security researcher Gal
Published on: January 30, 2025 | Source:
Share on Facebook
Share in Tweet (rip twitter)
Share on LinkedIn
Share on Reddit
Share on Threads
Share on Bluesky
Untrustworthy AI: How to deal with data poisoning
You should think twice before trusting your AI assistant, as database poisoning can markedly alter its output β even dangerously so
Published on: January 30, 2025 | Source:Unpatched PHP Voyager Flaws Leave Servers Open to One-Click RCE Exploits
Three security flaws have been disclosed in the open-source PHP package Voyager that could be exploited by an attacker to achieve one-click remote code execution on affected instances. "When an authenticated Voyager user clicks on a malicious link, attackers can execute arbitrary code on the server," Sonar researcher Yaniv Nizry said in a write-up published earlier this week. The
Published on: January 30, 2025 | Source:Fake Videos of Former First Lady Scam Namibians
Amateurish financial scams are common across Africa, and Namibia's influential former first lady, Monica Geingos, has emerged as a particularly effective host body for these messages.
Published on: January 30, 2025 | Source:New Aquabot Botnet Exploits CVE-2024-41710 in Mitel Phones for DDoS Attacks
A Mirai botnet variant dubbed Aquabot has been observed actively attempting to exploit a medium-severity security flaw impacting Mitel phones in order to ensnare them into a network capable of mounting distributed denial-of-service (DDoS) attacks. The vulnerability in question is CVE-2024-41710 (CVSS score: 6.8), a case of command injection in the boot process that could allow a malicious actor
Published on: January 30, 2025 | Source:PrintNightmare Aftermath: Windows Print Spooler Is Better. What's Next?
While Microsoft has boosted the security of Windows Print Spooler in the three years since the disclosure of the PrintNightmare vulnerability, the service remains a spooky threat that organizations cannot afford to ignore.
Published on: January 29, 2025 | Source:Researchers Uncover Lazarus Group Admin Layer for C2 Servers
The threat actor is using a sophisticated network of VPNs and proxies to centrally manage command-and-control servers from Pyongyang.
Published on: January 29, 2025 | Source:FBI seizes major cybercrime forums in coordinated domain takedown
The domains for Cracked and Nulled now redirect to FBI-controlled servers. The post FBI seizes major cybercrime forums in coordinated domain takedown appeared first on CyberScoop.
Published on: January 29, 2025 | Source:Unpatched Zyxel CPE Zero-Day Pummeled by Cyberattackers
VulnCheck initially disclosed the critical command-injection vulnerability (CVE-2024-40891) six months ago, but Zyxel has yet to mention its existence or offer users a patch to mitigate threats.
Published on: January 29, 2025 | Source:Mirai Variant 'Aquabot' Exploits Mitel Device Flaws
Yet another spinoff of the infamous DDoS botnet is exploiting a known vulnerability in active attacks, while its threat actors are promoting it on Telegram for other attackers to use as well, in a DDoS-as-a-service model.
Published on: January 29, 2025 | Source:Lazarus Group Uses React-Based Admin Panel to Control Global Cyber Attacks
The North Korean threat actor known as the Lazarus Group has been observed leveraging a "web-based administrative platform" to oversee its command-and-control (C2) infrastructure, giving the adversary the ability to centrally supervise all aspects of their campaigns. "Each C2 server hosted a web-based administrative platform, built with a React application and a Node.js API," SecurityScorecard's
Published on: January 29, 2025 | Source:New Zyxel Zero-Day Under Attack, No Patch Available
GreyNoise reports active exploitation of a newly discovered zero-day vulnerability in Zyxel CPE devices. There are no patches available. The post New Zyxel Zero-Day Under Attack, No Patch Available appeared first on SecurityWeek.
Published on: January 29, 2025 | Source:Vulnerability in popular AI developer could βshut down essentially everything you ownβΒ
The flaw in Lightning.AIβs platform, which has been patched, would have given root access to an attacker and broad control over a victimβs cloud-based studio and connected systems. The post Vulnerability in popular AI developer could βshut down essentially everything you ownβ appeared first on CyberScoop.
Published on: January 29, 2025 | Source:Oligo Raises $50M to Tackle Application Detection and Response
Oligo Security has raised $50 million in Series B funding for its application detection and response (ADR) platform. The post Oligo Raises $50M to Tackle Application Detection and Response appeared first on SecurityWeek.
Published on: January 29, 2025 | Source:The Old Ways of Vendor Risk Management Are No Longer Good Enough
Managing third-party risk in the SaaS era demands a proactive, data-driven approach beyond checkbox compliance.
Published on: January 29, 2025 | Source:New SLAP and FLOP CPU Attacks Expose Data From Apple Computers, Phones
New CPU side-channel attacks named SLAP and FLOP can be exploited to remotely steal data from Apple mobile and desktop devices. The post New SLAP and FLOP CPU Attacks Expose Data From Apple Computers, Phones appeared first on SecurityWeek.
Published on: January 29, 2025 | Source:Aquabot Botnet Targeting Vulnerable Mitel Phones
The Mirai-based Aquabot botnet has been targeting a vulnerability in Mitel SIP phones for which a proof-of-concept (PoC) exploit exists. The post Aquabot Botnet Targeting Vulnerable Mitel Phones appeared first on SecurityWeek.
Published on: January 29, 2025 | Source:ExxonMobil Lobbyist Caught Hacking Climate Activists
The Department of Justice is investigating a lobbying firm representing ExxonMobil for hacking the phones of climate activists: The hacking was allegedly commissioned by a Washington, D.C., lobbying firm, according to a lawyer representing the U.S. government. The firm, in turn, was allegedly working on behalf of one of the worldβs largest oil and gas companies, based in Texas, that wanted to discredit groups and...
Published on: January 29, 2025 | Source:Smiths Group Scrambling to Restore Systems Following Cyberattack
Engineering firm Smiths Group has disclosed a cyberattack that forced it to take some systems offline and activate business continuity plans. The post Smiths Group Scrambling to Restore Systems Following Cyberattack appeared first on SecurityWeek.
Published on: January 29, 2025 | Source:AI in Cybersecurity: What's Effective and Whatβs Not β Insights from 200 Experts
Curious about the buzz around AI in cybersecurity? Wonder if it's just a shiny new toy in the tech world or a serious game changer? Let's unpack this together in a not-to-be-missed webinar that goes beyond the hype to explore the real impact of AI on cybersecurity. Join Ravid Circus, a seasoned pro in cybersecurity and AI, as we peel back the layers of AI in cybersecurity through a revealing
Published on: January 29, 2025 | Source:Rockwell Patches Critical, High-Severity Vulnerabilities in Several Products
Rockwell Automation has released six new security advisories to inform customers about several critical and high-severity vulnerabilities. The post Rockwell Patches Critical, High-Severity Vulnerabilities in Several Products appeared first on SecurityWeek.
Published on: January 29, 2025 | Source:Cyber Insights 2025: Artificial Intelligence
Artificial intelligence is upending cybersecurity. It is used by adversaries in their attacks, and by defenders in their defense. The post Cyber Insights 2025: Artificial Intelligence appeared first on SecurityWeek.
Published on: January 29, 2025 | Source:New SLAP & FLOP Attacks Expose Apple M-Series Chips to Speculative Execution Exploits
A team of security researchers from Georgia Institute of Technology and Ruhr University Bochum has demonstrated two new side-channel attacks targeting Apple silicon that could be exploited to leak sensitive information from web browsers like Safari and Google Chrome. The attacks have been codenamed Data Speculation Attacks via Load Address Prediction on Apple Silicon (SLAP) and Breaking the
Published on: January 29, 2025 | Source:SimpleHelp Remote Access Software Exploited in Attacks
Threat actors have been exploiting SimpleHelp remote access software shortly after the disclosure of three vulnerabilities. The post SimpleHelp Remote Access Software Exploited in Attacks appeared first on SecurityWeek.
Published on: January 29, 2025 | Source:How Interlock Ransomware Infects Healthcare Organizations
Ransomware attacks have reached an unprecedented scale in the healthcare sector, exposing vulnerabilities that put millions at risk. Recently, UnitedHealth revealed that 190 million Americans had their personal and healthcare data stolen during the Change Healthcare ransomware attack, a figure that nearly doubles the previously disclosed total. This breach shows just how deeply ransomware
Published on: January 29, 2025 | Source:Critical Cacti Security Flaw (CVE-2025-22604) Enables Remote Code Execution
A critical security flaw has been disclosed in the Cacti open-source network monitoring and fault management framework that could allow an authenticated attacker to achieve remote code execution on susceptible instances. The flaw, tracked as CVE-2025-22604, carries a CVSS score of 9.1 out of a maximum of 10.0. "Due to a flaw in the multi-line SNMP result parser, authenticated users can inject
Published on: January 29, 2025 | Source:Frenos Raises $3.88M in Seed Funding for OT Security Assessment Platform
Frenos, a company that has developed an autonomous OT security assessment platform, has raised $3.88 million in seed funding. The post Frenos Raises $3.88M in Seed Funding for OT Security Assessment Platform appeared first on SecurityWeek.
Published on: January 29, 2025 | Source:Brian Greene: Until the end of time | Starmus highlights
The renowned physicist explores how time and entropy shape the evolution of the universe, the nature of existence, and the eventual fate of everything, including humanity
Published on: January 29, 2025 | Source:UAC-0063 Expands Cyber Attacks to European Embassies Using Stolen Documents
The advanced persistent threat (APT) group known as UAC-0063 has been observed leveraging legitimate documents obtained by infiltrating one victim to attack another target with the goal of delivering a known malware dubbed HATVIBE. "This research focuses on completing the picture of UAC-0063's operations, particularly documenting their expansion beyond their initial focus on Central Asia,
Published on: January 29, 2025 | Source:Broadcom Warns of High-Severity SQL Injection Flaw in VMware Avi Load Balancer
Broadcom has alerted of a high-severity security flaw in VMware Avi Load Balancer that could be weaponized by malicious actors to gain entrenched database access. The vulnerability, tracked as CVE-2025-22217 (CVSS score: 8.6), has been described as an unauthenticated blind SQL injection. "A malicious user with network access may be able to use specially crafted SQL queries to gain database
Published on: January 29, 2025 | Source:Zyxel CPE Devices Face Active Exploitation Due to Unpatched CVE-2024-40891 Vulnerability
Cybersecurity researchers are warning that a critical zero-day vulnerability impacting Zyxel CPE Series devices is seeing active exploitation attempts in the wild. "Attackers can leverage this vulnerability to execute arbitrary commands on affected devices, leading to complete system compromise, data exfiltration, or network infiltration," GreyNoise researcher Glenn Thorpe said in an alert
Published on: January 29, 2025 | Source:7 Tips for Strategically Saying 'No' in Cybersecurity
Cybersecurity can't always be "Department of No," but saying yes all the time is not the answer. Here is how to enable innovation gracefully without adding risk to the organization.
Published on: January 28, 2025 | Source:CrowdStrike Highlights Magnitude of Insider Risk
The impetus for CrowdStrike's new professional services came from last year's Famous Chollima threat actors, which used fake IT workers to infiltrate organizations and steal data.
Published on: January 28, 2025 | Source:Lynx Ransomware Group 'Industrializes' Cybercrime With Affiliates
The ransomware group provides everything an affiliate could want to breach and attack victims, including a quality controlled recruitment system to engage even more criminals.
Published on: January 28, 2025 | Source:Trump pauses on grants, aid leaves federal cyber programs in state of confusion
A series of moves from the president raises questions about whatβs next for the federal governmentβs many cyber grant and aid initiatives. The post Trump pauses on grants, aid leaves federal cyber programs in state of confusion appeared first on CyberScoop.
Published on: January 28, 2025 | Source: