Tag: vulnerability
-
Slashdot: Canadian Telecom Hacked By Suspected China State Group
Source URL: https://tech.slashdot.org/story/25/06/23/201237/canadian-telecom-hacked-by-suspected-china-state-group?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Canadian Telecom Hacked By Suspected China State Group Feedly Summary: AI Summary and Description: Yes Summary: The text outlines a significant cyber attack on a Canadian telecommunications provider by hackers associated with the Chinese government, exploiting a critical vulnerability in Cisco devices. This incident underscores the importance of timely…
-
The Register: Former US Army Sergeant pleads guilty after amateurish attempt at selling secrets to China
Source URL: https://www.theregister.com/2025/06/23/infosec_news_in_brief/ Source: The Register Title: Former US Army Sergeant pleads guilty after amateurish attempt at selling secrets to China Feedly Summary: PLUS: 5.4M healthcare records leak; AI makes Spam harder to spot; Many nasty Linux vulns; and more Infosec in brief A former US Army sergeant has admitted he attempted to sell classified…
-
Simon Willison’s Weblog: Cato CTRL™ Threat Research: PoC Attack Targeting Atlassian’s Model Context Protocol (MCP) Introduces New “Living off AI” Risk
Source URL: https://simonwillison.net/2025/Jun/19/atlassian-prompt-injection-mcp/ Source: Simon Willison’s Weblog Title: Cato CTRL™ Threat Research: PoC Attack Targeting Atlassian’s Model Context Protocol (MCP) Introduces New “Living off AI” Risk Feedly Summary: Cato CTRL™ Threat Research: PoC Attack Targeting Atlassian’s Model Context Protocol (MCP) Introduces New “Living off AI” Risk Stop me if you’ve heard this one before: A…
-
The Register: Asana’s cutting-edge AI feature ran into a little data leakage problem
Source URL: https://www.theregister.com/2025/06/18/asana_mcp_server_bug/ Source: The Register Title: Asana’s cutting-edge AI feature ran into a little data leakage problem Feedly Summary: New MCP server was shut down for nearly two weeks Asana has fixed a bug in its Model Context Protocol (MCP) server that could have allowed users to view other organizations’ data, and the experimental…
-
Cloud Blog: What’s in an ASP? Creative Phishing Attack on Prominent Academics and Critics of Russia
Source URL: https://cloud.google.com/blog/topics/threat-intelligence/creative-phishing-academics-critics-of-russia/ Source: Cloud Blog Title: What’s in an ASP? Creative Phishing Attack on Prominent Academics and Critics of Russia Feedly Summary: Written by: Gabby Roncone, Wesley Shields In cooperation with external partners, Google Threat Intelligence Group (GTIG) observed a Russia state-sponsored cyber threat actor impersonating the U.S. Department of State. From at least…
-
Cloud Blog: Enhancing backup vaults with support for Persistent Disk, Hyperdisk, and multi-regions
Source URL: https://cloud.google.com/blog/products/storage-data-transfer/backup-vaults-add-support-for-disk-backup-and-multi-region/ Source: Cloud Blog Title: Enhancing backup vaults with support for Persistent Disk, Hyperdisk, and multi-regions Feedly Summary: To help protect against evolving digital threats like ransomware and malicious deletions, last year, we introduced backup vault in the Google Cloud Backup and DR service, with support for Compute Engine VM backups. This provided…
-
The Register: Sitecore CMS flaw let attackers brute-force ‘b’ for backdoor
Source URL: https://www.theregister.com/2025/06/17/sitecore_rce_vulnerabilities/ Source: The Register Title: Sitecore CMS flaw let attackers brute-force ‘b’ for backdoor Feedly Summary: Hardcoded passwords and path traversals keeping bug hunters in work Security researchers have issued a warning about a pre-authentication exploit chain affecting a CMS used by some of the biggest companies in the world.… AI Summary and…
-
Bulletins: Vulnerability Summary for the Week of June 9, 2025
Source URL: https://www.cisa.gov/news-events/bulletins/sb25-167 Source: Bulletins Title: Vulnerability Summary for the Week of June 9, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Acer–ControlCenter Acer ControlCenter contains Remote Code Execution vulnerability. The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named…
-
The Register: Apple fixes zero-click exploit underpinning Paragon spyware attacks
Source URL: https://www.theregister.com/2025/06/13/apple_fixes_zeroclick_exploit_underpinning/ Source: The Register Title: Apple fixes zero-click exploit underpinning Paragon spyware attacks Feedly Summary: Zero-day potentially tied to around 100 suspected infections in 2025 and a spyware scandal on the continent Apple has updated its iOS/iPadOS 18.3.1 documentation, confirming it introduced fixes for the zero-click vulnerability used to infect journalists with Paragon’s…
-
Slashdot: The Meta AI App Is a Privacy Disaster
Source URL: https://tech.slashdot.org/story/25/06/13/020259/the-meta-ai-app-is-a-privacy-disaster?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: The Meta AI App Is a Privacy Disaster Feedly Summary: AI Summary and Description: Yes Summary: The text discusses a significant privacy breach associated with Meta’s standalone AI application, where users’ private conversations are inadvertently shared publicly. This situation raises critical concerns regarding privacy practices, user awareness, and the…