Tag: threats
-
Alerts: CISA Adds Three Known Exploited Vulnerabilities to Catalog
Source URL: https://www.cisa.gov/news-events/alerts/2025/01/07/cisa-adds-three-known-exploited-vulnerabilities-catalog Source: Alerts Title: CISA Adds Three Known Exploited Vulnerabilities to Catalog Feedly Summary: CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-41713 Mitel MiCollab Path Traversal Vulnerability CVE-2024-55550 Mitel MiCollab Path Traversal Vulnerability CVE-2020-2883 Oracle WebLogic Server Unspecified Vulnerability Users and administrators are also encouraged to…
-
The Register: Turbulence at UN aviation agency as probe into potential data theft begins
Source URL: https://www.theregister.com/2025/01/07/icao_data_theft_investigation/ Source: The Register Title: Turbulence at UN aviation agency as probe into potential data theft begins Feedly Summary: Crime forum-dweller claims to have leaked 42,000 documents packed with personal info The United Nations’ aviation agency is investigating “a potential information security incident" after a cybercriminal claimed they had laid hands on 42,000…
-
Anchore: All Things SBOM in 2025: a Weekly Webinar Series
Source URL: https://anchore.com/blog/all-things-sbom-in-2025-a-weekly-webinar-series/ Source: Anchore Title: All Things SBOM in 2025: a Weekly Webinar Series Feedly Summary: Software Bills of Materials (SBOMs) have quickly become a critical component in modern software supply chain security. By offering a transparent view of all the components that make up your applications, SBOMs enable you to pinpoint vulnerabilities before…
-
Embrace The Red: AI Domination: Remote Controlling ChatGPT ZombAI Instances
Source URL: https://embracethered.com/blog/posts/2025/spaiware-and-chatgpt-command-and-control-via-prompt-injection-zombai/ Source: Embrace The Red Title: AI Domination: Remote Controlling ChatGPT ZombAI Instances Feedly Summary: At Black Hat Europe I did a fun presentation titled SpAIware and More: Advanced Prompt Injection Exploits. Without diving into the details of the entire talk, the key point I was making is that prompt injection can impact…
-
The Register: Charter, Consolidated, Windstream reportedly join Salt Typhoon victim list
Source URL: https://www.theregister.com/2025/01/06/charter_consolidated_windstream_salt_typhoon/ Source: The Register Title: Charter, Consolidated, Windstream reportedly join Salt Typhoon victim list Feedly Summary: The slow drip of compromised telecom networks continues The list of telecommunications victims in the Salt Typhoon cyberattack continues to grow as a new report names Charter Communications, Consolidated Communications, and Windstream among those breached by Chinese…
-
Cloud Blog: Introducing Google Cloud Abuse Event Logging to enable automated incident remediation
Source URL: https://cloud.google.com/blog/products/identity-security/introducing-abuse-event-logging-for-automated-incident-remediation/ Source: Cloud Blog Title: Introducing Google Cloud Abuse Event Logging to enable automated incident remediation Feedly Summary: At Google Cloud, we are deeply committed to partnering with our customers to help achieve stronger security outcomes. As a part of this commitment, we’re excited to announce that Google Cloud customers can now track…
-
The Register: After China’s Salt Typhoon, the reconstruction starts now
Source URL: https://www.theregister.com/2025/01/06/opinion_column_cybersec/ Source: The Register Title: After China’s Salt Typhoon, the reconstruction starts now Feedly Summary: If 40 years of faulty building gets blown down, don’t rebuild with the rubble Opinion When a typhoon devastates a land, it takes a while to understand the scale of the destruction. Disaster relief kicks in, communications rebuilt,…