Critical GitLab flaw allows account takeover without user interaction, patch quickly! (CVE-2023-7028)
A critical vulnerability in GitLab CE/EE (CVE-2023-7028) can be easily exploited by attackers to reset GitLab user account passwords. While also vulnerable, users who have …
Cloud security predictions for 2024
As we reflect on the cybersecurity landscape and the trajectories of threat vectors, it’s evident that we’re on the cusp of a paradigm shift in cloud security. …
New infosec products of the week: January 12, 2024
Here’s a look at the most interesting products from the past week, featuring releases from Critical Start, Dasera, ID R&D, and SpecterOps. SpecterOps adds new Attack …
LLM hype fades as enterprises embrace targeted AI models
2023 was the year of AI enterprise adoption, with 55% of organizations adopting AI into their workflows, according to a recent report from McKinsey & Co. This adoption …
Critical Cisco Unity Connection flaw gives attackers root privileges. Patch now! (CVE-2024-20272)
Cisco has fixed a critical vulnerability (CVE-2024-20272) in Cisco Unity Connection that could allow an unauthenticated attacker to upload arbitrary files and gain root …
Ivanti Connect Secure zero-days exploited by attackers (CVE-2023-46805, CVE-2024-21887)
Two zero-day vulnerabilities (CVE-2023-46805, CVE-2024-21887) in Ivanti Connect Secure VPN devices are under active exploitation by unknown attackers, Volexity researchers …
Purple teaming and the role of threat categorization
Organizations constantly work to ensure optimal threat detection and prevention across their systems. One question gets asked repeatedly: “Can we detect the threats we’re …
APIs are increasingly becoming attractive targets
APIs, a technology that underpins today’s most used sites and apps, are being leveraged by businesses more than ever—ultimately opening the door to more online threats than …
Hackers are targeting exposed MS SQL servers with Mimic ransomware
Hackers are brute-forcing exposed MS SQL database servers to deliver Mimic ransomware, Securonix researchers are warning. About Mimic ransomware Mimic ransomware was first …
SEC’s X account hacked to post fake news of Bitcoin ETF approval
Someone has hijacked the X (formerly Twitter) account of the US Securities and Exchange Commission (SEC), and posted an announcement saying the agency has decided to allow the …
Top LLM vulnerabilities and how to mitigate the associated risk
As large language models (LLMs) become more prevalent, a comprehensive understanding of the LLM threat landscape remains elusive. But this uncertainty doesn’t mean progress …
Fly Catcher: Detect aircraft spoofing by monitoring for malicious signals
Fly Catcher is an open-source device that can detect aircraft spoofing by monitoring for malicious ADS-B signals in the 1090MHz frequency. Angelina Tsuboi, the developer of …
Featured news
Resources
Don't miss
- Job-seeking devs targeted with fake CrowdStrike offer via email
- January 2025 Patch Tuesday forecast: Changes coming in cybersecurity guidance
- The SBI fake banking app shows that SMS authentication has had its day
- Preventing the next ransomware attack with help from AI
- Banshee Stealer variant targets Russian-speaking macOS users