Jan 28, 2025Ravie LakshmananVulnerability / Endpoint Security Apple has released software updates to address several security flaws across its portfolio, including a zero-day vulnerability that it said has been exploited in the wild. The vulnerability,…
Jan 27, 2025Ravie LakshmananVulnerability / Software Security Multiple security vulnerabilities have been disclosed in GitHub Desktop as well as other Git-related projects that, if successfully exploited, could permit an attacker to gain unauthorized access to…
![Top Cybersecurity Threats, Tools and Tips [27 January]](https://i2.wp.com/blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj1de6DT-dB1sOMXF-3PGpHW68C7duvJm1JreoDh3dNfwhkQ2Q6V60GrDu8HZV3ilI2uWJYCsP_dSJ-OrZNaozg3IsL8xZ_UH6jUVGWOu-cgDmT5n3q64Mgz71jwN49-m2V46my5whXSMZFV5FcTzWux_l-wpclKZCqkSOBpHs-ICyHRAgtT69yA6NTkUp-/s728-rw-e365/recap.png?w=930&resize=930,620&ssl=1 "Top Cybersecurity Threats, Tools and Tips [27 January]")
Jan 27, 2025Ravie LakshmananCybersecurity / Recap Welcome to your weekly cybersecurity scoop! Ever thought about how the same AI meant to protect our hospitals could also compromise them? This week, we’re breaking down the sophisticated…
The Open Web Application Security Project has recently introduced a new Top 10 project – the Non-Human Identity (NHI) Top 10. For years, OWASP has provided security professionals and developers with essential guidance and actionable…
Jan 27, 2025Ravie LakshmananCyber Espionage / Threat Intelligence A previously unknown threat actor has been observed copying the tradecraft associated with the Kremlin-aligned Gamaredon hacking group in its cyber attacks targeting Russian-speaking entities. The campaign…
Jan 27, 2025Ravie LakshmananMalware / SEO Poisoning Threat hunters have detailed an ongoing campaign that leverages a malware loader called MintsLoader to distribute secondary payloads such as the StealC information stealer and a legitimate open-source…
A high-severity security flaw has been disclosed in Meta’s Llama large language model (LLM) framework that, if successfully exploited, could allow an attacker to execute arbitrary code on the llama-stack inference server. The vulnerability, tracked…
Jan 24, 2025Ravie LakshmananTelecom Security / Vulnerability A group of academics has disclosed details of over 100 security vulnerabilities impacting LTE and 5G implementations that could be exploited by an attacker to disrupt access to…
The modern workplace has undergone a seismic transformation over recent years, with hybrid work becoming the norm and businesses rapidly adopting cloud-based Software-as-a-Service (SaaS) applications to facilitate it. SaaS applications like Microsoft 365 and Google…
The U.S. Department of Justice (DoJ) on Thursday indicted two North Korean nationals, a Mexican national, and two of its own citizens for their alleged involvement in the ongoing fraudulent information technology (IT) worker scheme…