A security flaw in the widely-used Apache Tika XML document extraction utility, originally made public last summer, is wider in scope and more serious than first thought, the project’s maintainers…
A procurement team throws a small party. They’ve shaved millions off the supplier budget. The CFO beams. The board applauds. Six months later, a cyber incident or supply disruption wipes…
AI browsers including Perplexity Comet and OpenAI’s ChatGPT Atlas present security risks that cannot be adequately mitigated, and enterprises should prevent employees using them, according to Gartner. “Gartner strongly recommends…
Cybersecurity researchers are calling attention to a new campaign dubbed JS#SMUGGLER that has been observed leveraging compromised websites as a distribution vector for a remote access trojan named NetSupport RAT.…
Sicherheitsbehörden sehen in der vermehrten Nutzung von KI eine Gefahr für die Sicherheit von OT-Systemen. Durch bigjom jom – shutterstock.com Die Sicherheit der Betriebstechnik (Operational Technology – OT) in kritischen…
It’s been a week of chaos in code and calm in headlines. A bug that broke the internet’s favorite framework, hackers chasing AI tools, fake apps stealing cash, and record-breaking…
The holiday season compresses risk into a short, high-stakes window. Systems run hot, teams run lean, and attackers time automated campaigns to get maximum return. Multiple industry threat reports show…
‘Broadside’ is targeting a critical flaw in DVR systems to conduct command injection attacks, which can hijack devices to achieve persistence and move laterally. – Read More
Cybersecurity researchers have disclosed details of two new Android malware families dubbed FvncBot and SeedSnatcher, as another upgraded version of ClayRat has been spotted in the wild. The findings come…
There are crucial differences between prompt and SQL injection which – if not considered – can undermine mitigations. – Read More
A critical security flaw in the Sneeit Framework plugin for WordPress is being actively exploited in the wild, per data from Wordfence. The remote code execution vulnerability in question is…
The NCSC has updated 3 key pieces of cryptographic guidance. Here, we explain the changes. – Read More
Sara Madden is looking to take a more offensive approach to safeguarding her company. The Convera CISO wants to add a red team to stress test the financial services company’s…
The Iranian hacking group known as MuddyWater has been observed leveraging a new backdoor dubbed UDPGangster that uses the User Datagram Protocol (UDP) for command-and-control (C2) purposes. The cyber espionage…
CSO Germany: The energy sector is increasingly becoming a target for cybercriminals. Experts and the Federal Office for Information Security (BSI) believe that protection in this area must be significantly…