Security News

Critical Fluent Bit bug affects all major cloud providers, say researchers
2024-05-21 17:45

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

Researchers Uncover Flaws in Python Package for AI Models and PDF.js Used by Firefox
2024-05-21 10:22

A critical security flaw has been disclosed in the llama_cpp_python Python package that could be exploited by threat actors to achieve arbitrary code execution. Tracked as CVE-2024-34359 (CVSS...

Researchers call out QNAP for dragging its heels on patch development
2024-05-20 14:00

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

Researchers Uncover 11 Security Flaws in GE HealthCare Ultrasound Machines
2024-05-16 10:12

Security researchers have disclosed almost a dozen security flaws impacting the GE HealthCare Vivid Ultrasound product family that could be exploited by malicious actors to tamper with patient...

Researchers Uncover 'LLMjacking' Scheme Targeting Cloud-Hosted AI Models
2024-05-10 07:41

Cybersecurity researchers have discovered a novel attack that employs stolen cloud credentials to target cloud-hosted large language model (LLM) services with the goal of selling access to other...

Chinese government website security is often worryingly bad, say Chinese researchers
2024-05-03 02:34

Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests.

Researchers unveil novel attack methods targeting Intel’s conditional branch predictor
2024-04-29 10:42

Researchers have found two novel types of attacks that target the conditional branch predictor found in high-end Intel processors, which could be exploited to compromise billions of processors currently in use. The new paper, "Pathfinder: High-Resolution Control-Flow Attacks Exploiting the Conditional Branch Predictor," details two novel attacks that could compromise the billions of Intel processors in use.

Flaws in Chinese keyboard apps leave 750 million users open to snooping, researchers claim
2024-04-26 05:33

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

Researchers sinkhole PlugX malware server with 2.5 million unique IPs
2024-04-25 19:20

Researchers have sinkholed a command and control server for a variant of the PlugX malware and observed in six months more than 2.5 million connections from unique IP addresses. Since September 2023, when Sekoia captured the unique IP address associated with the particular C2, it has logged over 2,495,297 unique IPs from 170 countries interacting with its sinkhole.

Researchers Detail Multistage Attack Hijacking Systems with SSLoad, Cobalt Strike
2024-04-24 13:36

Cybersecurity researchers have discovered an ongoing attack campaign that's leveraging phishing emails to deliver malware called SSLoad. The campaign, codenamed FROZEN#SHADOW by Securonix, also...