The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new cyber attack campaign by the Russia-linked APT28 (aka UAC-0001) threat actors using […]
Category: Cyber Security News
Advanced Malware Campaign Targets WordPress and WooCommerce Sites with Hidden Skimmers
The Wordfence Threat Intelligence Team uncovered a sophisticated malware campaign during a routine site cleanup, revealing a family of malicious code targeting WordPress and WooCommerce […]
OWASP Launches AI Testing Guide to Uncover Vulnerabilities in AI Systems
As artificial intelligence (AI) becomes a cornerstone of modern industry, the Open Web Application Security Project (OWASP) has announced the release of its AI Testing […]
Xiaomi Interoperability App Flaw Allows Unauthorized Access to User Devices
A critical security vulnerability, tracked as CVE-2024-45347, has been discovered in Xiaomi’s Mi Connect Service App, exposing millions of users to the risk of unauthorized […]
The CISO’s 5-step guide to securing AI operations
When ChatGPT first came out, I asked a panel of CISOs what it meant for their cybersecurity programs. They recognized impending changes, but reflected on […]
Iranian cyber threats overhyped, but CISOs can’t afford to let down their guard
Over the past ten days, real-world military attacks have fostered fears that Iranian threat actors would launch cyberattacks on US organizations as part of a […]
WinRAR Vulnerability Exploited with Malicious Archives to Execute Code
A newly disclosed vulnerability in RARLAB’s WinRAR, the widely used file compression utility for Windows, has put millions of users at risk of remote code […]
Aviatrix Cloud Controller Flaw Enables Remote Code Execution via Authentication Bypass
A Mandiant Red Team engagement has uncovered two critical vulnerabilities in Aviatrix Controller—cloud networking software used to manage multi-cloud environments. The flaws enable full system […]
New Echo Chamber Attack Breaks AI Models Using Indirect Prompts
A groundbreaking AI jailbreak technique, dubbed the “Echo Chamber Attack,” has been uncovered by researchers at Neural Trust, exposing a critical vulnerability in the safety […]
Notepad++ Vulnerability Allows Full System Takeover — PoC Released
A critical privilege escalation vulnerability (CVE-2025-49144) in Notepad++ v8.8.1 enables attackers to achieve full system control through a supply-chain attack. The flaw exploits the installer’s […]