Aggregated from vendor advisories, security research, and industry publications.
Your enterprise better have a cybersecurity strategy for AI. But where to start? Everywhere! Securing AI means securing all the AI layers and throughout the lifecycle: data, model, and applications, in training and in inference. Johna and John discuss what your strategy must address and how to get support for it because, of course, it’s... Read more »
_NicoElNino_Alamy.png?width=1280&auto=webp&quality=80&disable=upscale)
The prompt-injection vulnerability in the agentic AI product for filesystem operations was a sanitization issue that allowed for sandbox escape and arbitrary code execution.
A 24-year-old British national and senior member of the cybercrime group "Scattered Spider" has pleaded guilty to wire fraud conspiracy and aggravated identity theft. Tyler Robert …
China is spying on India's financial sector, for some reason, and it's not putting much effort into it, judging by some stale TTPs.
Grupo Seguritech is a Mexican surveillance company that is expanding into the US.
Stolen OAuth tokens, which are at the root of these breaches, "are the new attack surface, the new lateral movement," a researcher notes.
The OT devices that translate machine talk into Internet-speak are riddled with vulnerabilities and more frequently targeted for attacks, researchers say.
Take a Network Break! Our Red Alert covers a trio of vulnerabilities in Cisco ISE. On the news front, Cloudflare announces a private network offering for AI agents and a partnershi…
Strangers can infer limited info about you without knowing or messaging you, which could theoretically aid certain kinds of malicious activity.
Article URL: https://www.discovermagazine.com/up-to-8-million-bees-are-living-in-an-underground-network-beneath-this-cemetery-48977 Comments URL: https://news.ycombinator.com/item?…
Industry and ad hoc coalitions appear poised to help fill the gap created by NIST's decision to cut back on CVE data enrichment.
In embracing device code phishing, attackers trick victims into handing over account access by using a service's legitimate new-device login flow.
On today’s episode Ethan is joined by Mark Prosser, a self-described Network Operator Advocate and Network Automation Dreamer, to embark on a thought exercise about network service…
AI's danger isn't that it's creating new bugs, it's that it's amplifying old ones.
The Maritime Transportation Security Act (MTSA) requires plans to protect OT systems, audits by independent third parties, and a hybrid OT-security role.
The National Institute of Standards and Technology is carving a new path for vulnerability remediation by changing the way it prioritizes software flaws.
Sapphire Sleet uses fake job offers and phony Zoom updates to deliver ClickFix attacks that steal credentials and sensitive data from Macs.
Today our hosts discuss IPv6 Privacy and Temporary Addresses to clarify how address provisioning can potentially work for host operating systems. The discussion covers the differen…
We asked for follow ups and you did not disappoint! On today’s show we respond to listener comments and corrections on multicast, routing protocols, security, and more. We also hav…
I trained a transformer in HyperCard. 1,216 parameters. 1989 Macintosh. And yes, it took a while.MacMind is a complete transformer neural network, embeddings, positional encodin…
Malware has shifted from phishing expeditions to open source packages, domains, and repositories. Ned and Kyler welcome Jenn Gile, co-founder of Open Source Malware, to discuss how…
CVSSv3 Score: 6.7 An out-of-bounds write vulnerability [CWE-787] in FortiWeb CGI daemon may allow a remote privileged attacker to execute arbitrary code or command via crafte…
Article URL: https://www.businesswire.com/news/home/20260414237496/en/Amazon-to-Acquire-Globalstar-and-Expand-Amazon-Leo-Satellite-Network Comments URL: https://news.ycombinator.co…
Microsoft today pushed software updates to fix a staggering 167 security vulnerabilities in its Windows operating systems and related software, including a SharePoint Server zero-d…
Threat actors are behaving more like professional organizations in an effort to launch more effective and profitable attacks. We explore this and other themes from the latest Threa…
Speedtest Certified is a network connectivity verification program for properties and venues, allowing them to prove the performance of their Wi-Fi. Alan Blake of Ookla joins the s…
CVSSv3 Score: 9.1 An Improper Neutralization of Special Elements used in an OS Command ('OS command injection') vulnerability [CWE-78] in FortiSandbox may allow an unauthenti…
CVSSv3 Score: 2.2 An URL Redirection to Untrusted Site ('Open Redirect') vulnerability [CWE-601] in FortiNAC-F may allow a remote privileged attacker with system administrato…
CVSSv3 Score: 4.4 An Improper neutralization of input during web page generation ('cross-site scripting') vulnerability [CWE-79] in FortiSOAR may allow an authenticated remot…
CVSSv3 Score: 5.4 An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in FortiAnalyzer, FortiAnalyzer Cloud, FortiManager and Fort…