#AIApplicationSecurity

New R Programming Vulnerability Exposes Projects to Supply Chain Attacks

by

April 29, 2024 at 10:00AM A security vulnerability, CVE-2024-27322, has been discovered in the R programming language, enabling threat actors to execute malicious code via RDS files. This flaw, fixed in version 4.4.0, could lead to supply chain attacks through compromised R packages. AI security firm HiddenLayer reported the issue, emphasizing the importance of updating … Read more

Critical ChatGPT Plugin Vulnerabilities Expose Sensitive Data

by

March 13, 2024 at 08:07AM Security researchers at Salt Labs discovered three critical vulnerabilities in the ChatGPT extension, potentially exposing users’ accounts and services to unauthorized access. The first vulnerability occurs during plugin installation, allowing malicious code approval. The second vulnerability lacks proper user authentication, enabling account takeovers. The third vulnerability allows for OAuth redirection … Read more