April 5, 2024 at 04:51PM Two critical security vulnerabilities in the Hugging Face AI platform allowed attackers to access customer data and overwrite images in a shared container registry. Researchers at Wiz found weaknesses in Hugging Face’s Inference API, Endpoints, and Spaces. The vulnerabilities were exploited by uploading a Pickle-based model. Hugging Face has since … Read more
April 4, 2024 at 05:51PM This year, Ivanti has revealed 11 flaws, some of which are critical, in its remote access products. Based on the meeting notes, Ivanti has disclosed a total of 11 flaws in its remote access products, with many of them being critical. Full Article
April 3, 2024 at 01:31PM Ivanti, an IT security software company, has released patches for multiple high-severity security vulnerabilities in its Connect Secure and Policy Secure gateways. Attackers can exploit these flaws for remote code execution and DoS attacks. The U.S. CISA has issued an emergency directive to secure Ivanti systems following zero-day attacks. Thousands … Read more
March 27, 2024 at 10:54AM A Google report on zero-day attacks in 2023 shows a decline in use-after-free and JavaScript engine exploitation. Exploit mitigations in operating systems and software are impacting attackers, prompting the search for new vulnerabilities. The focus has shifted to targeting third-party components and enterprise technologies. Investments in security are forcing attackers … Read more
March 11, 2024 at 02:45AM Magnet Goblin, a financially motivated threat actor, rapidly exploits newly disclosed vulnerabilities to breach public-facing servers and edge devices. The group deploys malware, including a remote access trojan (RAT) called Nerbian and MiniNerbian, to execute arbitrary commands and steal credentials. Their campaigns are financially motivated and target areas previously left … Read more
March 1, 2024 at 02:33AM The Five Eyes intelligence alliance issued a cybersecurity advisory warning about cyber threat actors exploiting known security flaws in Ivanti Connect Secure and Ivanti Policy Secure gateways. They cautioned that the Integrity Checker Tool may provide a false sense of security, allowing threat actors root-level persistence despite factory resets. Ivanti … Read more
February 19, 2024 at 02:36PM The Cactus ransomware gang breached Schneider Electric’s network, claiming to have stolen 1.5TB of data and leaked 25MB as proof on the dark web. They are now extorting the company and threatening to release all the data unless a ransom is paid. Schneider Electric’s Sustainability Business division, which provides renewable … Read more
January 18, 2024 at 07:24AM Security researcher Eaton Zveare gained unauthorized access to customer information in Toyota Tsusho Insurance Broker India’s email account due to misconfigurations and vulnerabilities. Zveare accessed the noreplyeicher@ttibi.co.in email account, exposing customer data, OTPs, and access to TTIBI’s Microsoft cloud account. TTIBI took two months to address the issues, but the … Read more
January 11, 2024 at 10:28AM Chinese nation-state attackers have been exploiting two zero-day vulnerabilities in Ivanti’s security products, particularly affecting Ivanti Connect Secure (ICS) and Policy Secure. The US Cybersecurity and Infrastructure Security Agency (CISA) has advised users to apply the current workaround. Ivanti’s patches for the vulnerabilities are staggered, and organizations are urged to … Read more
December 12, 2023 at 03:36PM Adobe issued fixes for code execution vulnerabilities in Illustrator, Substance 3D Sampler, and After Effects, addressing at least 207 security flaws. Notably, critical-severity issues affected Adobe Substance 3D Sampler, Illustrator, and After Effects on various platforms. Additionally, a major Adobe Experience Manager patch was released to address 185 documented bugs. … Read more