21 FEBRUARY 2023 WEEKLY NEWSLETTER

BOCRA website

     


PoC exploit code for ProxyNotShell Microsoft Exchange bugs released online


LATEST CYBER HACKS

Data Leak Hits Thousands of NHS Workers

An estimated 14,000 employees at a Liverpool NHS hospital trust have been informed that their data was leaked via email due to human error, according to reports.


German airport websites down in possible hacker attack

Several German airports had their websites disrupted on Thursday, with experts investigating a possible online attack.

The problems come a day after a major IT failure at Germany's national carrier Lufthansa left thousands of passengers stranded at Frankfurt airport.


AI Image Editing Tool Cutout Leaked User Images and Data

Cutout, a popular AI image editing tool, suffered a data breach that exposed user images, usernames, and email addresses. The incident underscores the risks of using cloud-based AI tools for sensitive data.


VULNERABILITIES

SolarWinds Announces Upcoming Patches for High-Severity Vulnerabilities

Out of a total of seven security defects, five are described as deserialization of untrusted data issues that could be exploited to achieve command execution. Four of them have a CVSS score of 8.8.


New Variant of Mirai Targets 13 Known IoT Device Vulnerabilities

A new variant of the Mirai botnet dubbed V3G4 has been identified by researchers. The malware exploits 13 vulnerabilities in various servers and IoT devices and uses brute-forcing attacks to propagate further across the network.


MALWARE

New Frebniis Malware Abuses IIS Features for Secret Communications

New malware named Frebniis has been spotted abusing a Microsoft IIS feature to execute malicious commands without raising red flags.


Havoc Replaces Cobalt Strike and Brute Ratel

Researchers identified a fresh attack on a government entity, during which the attackers employed a novel C2 framework dubbed Havoc. In spite of the widespread availability of C2 frameworks, Havoc stands out as an advanced post-exploitation framework that can elude the latest version of Windows 11 Defender.


Experts Warn of RambleOn Android Malware Targeting South Korean Journalists

Suspected North Korean nation-state actors targeted a journalist in South Korea with a malware-laced Android app as part of a social engineering campaign. The findings come from South Korea-based non-profit Interlab, which named the new malware RambleOn.


GENERAL NEWS

ChatGPT Subs In as Security Analyst, Hallucinates Only Occasionally

A number of experiments suggest that ChatGPT, the popular large language model (LLM), could be useful to help defenders triage potential security incidents and find security vulnerabilities in code, even though the artificial intelligence (AI) model was not specifically trained for such activities, according to results released this week.


Twitter Limits SMS-Based 2-Factor Authentication to Blue Subscribers Only

Twitter has announced that it's limiting the use of SMS-based two-factor authentication (2FA) to its Blue subscribers. "While historically a popular form of 2FA, unfortunately we have seen phone-number based 2FA be used – and abused – by bad actors," the company said.