Security News > 2024 > February

A security vulnerability has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable unauthenticated users to escalate their privileges. Tracked as CVE-2023-40000, the...

The White House is asking the technical community to switch to memory-safe programming languages - such as Rust, Python, Swift, C#, Java, and Go - to prevent memory corruption vulnerabilities from entering the digital ecosystem. To help with the transition, the White House Office of the National Cyber Director has released a report that explains why memory-safe programming languages and memory-safe hardware are needed and outlines formal methods to give software developers greater assurance that entire classes of vulnerabilities - not just memory safety bugs - are absent.

Malicious JavaScript code hidden in a Tornado Cash governance proposal has been leaking deposit notes and data to a private server for almost two months. A security researcher using the nickname Gas404 discovered and reported the malicious code, urging stakeholders to veto the malicious governance proposals.

An "intricately designed" remote access trojan (RAT) called Xeno RAT has been published on GitHub, making it available to other actors at no extra cost. Written in C# and compatible with...

Meta, the company that owns some of the biggest social networks in use today, has explained how it means to tackle disinformation related to the upcoming EU Parliament elections, with a special emphasis on how it plans to treat AI-generated content that's meant to deceive. Many platforms have been publishing reports on their efforts to curb influence operations, disinformation and misleading content for many years, but it's becoming obvious that they must ramp up their efforts.

The Russian threat actor APT29 is changing its techniques and expanding its targets to access cloud environments, members of the Five Eyes intelligence alliance have warned. Microsoft was a victim of the same breach and, more recently, the same threat actors hacked into its corporate mailboxes, stealing emails and attached documents.

Last week, someone posted something like 570 files, images and chat logs from a Chinese company called I-Soon. I-Soon sells hacking and espionage services to Chinese national and local government.

Processing alerts quickly and efficiently is the cornerstone of a Security Operations Center (SOC) professional's role. Threat intelligence platforms can significantly enhance their ability to do...

Cybersecurity and intelligence agencies from the Five Eyes nations have released a joint advisory detailing the evolving tactics of the Russian state-sponsored threat actor known as APT29. The...

Cybersecurity researchers have found that it's possible to compromise the Hugging Face Safetensors conversion service to ultimately hijack the models submitted by users and result in supply chain...