OpenAI is hosting a live stream at 10AM PT to announce GPT-5, but Microsoft has already confirmed the details. […]
Major Enterprise AI Assistants Can Be Abused for Data Theft, Manipulation
Zenity has shown how AI assistants such as ChatGPT, Copilot, Cursor, Gemini, and Salesforce Einstein can be abused using specially crafted prompts.
The post Major Enterprise AI Assistants Can Be Abused for Data Theft, Manipulation appeared first on SecurityWeek.
Enterprise Secrets Exposed by CyberArk Conjur Vulnerabilities
CyberArk has patched several vulnerabilities that could be chained for unauthenticated remote code execution.
The post Enterprise Secrets Exposed by CyberArk Conjur Vulnerabilities appeared first on SecurityWeek.
Researchers Uncover ECScape Flaw in Amazon ECS Enabling Cross-Task Credential Theft
Cybersecurity researchers have demonstrated an “end-to-end privilege escalation chain” in Amazon Elastic Container Service (ECS) that could be exploited by an attacker to conduct lateral movement, access sensitive data, and seize control of the cloud environment.
The attack technique has been codenamed ECScape by Sweet Security researcher Naor Haziz, who presented the findings today at the
The attack technique has been codenamed ECScape by Sweet Security researcher Naor Haziz, who presented the findings today at the
Akira ransomware abuses CPU tuning tool to disable Microsoft Defender
Akira ransomware is abusing a legitimate Intel CPU tuning driver to turn off Microsoft Defender in attacks from security tools and EDRs running on target machines. […]
Fake VPN and Spam Blocker Apps Tied to VexTrio Used in Ad Fraud, Subscription Scams
The malicious ad tech purveyor known as VexTrio Viper has been observed developing several malicious apps that have been published on Apple and Google’s official app storefronts under the guise of seemingly useful applications.
These apps masquerade as VPNs, device “monitoring” apps, RAM cleaners, dating services, and spam blockers, DNS threat intelligence firm Infoblox said in an exhaustive
These apps masquerade as VPNs, device “monitoring” apps, RAM cleaners, dating services, and spam blockers, DNS threat intelligence firm Infoblox said in an exhaustive
Google Discloses Salesforce Hack
A Google Salesforce instance may have been targeted as part of a ShinyHunters campaign that hit several major companies.
The post Google Discloses Salesforce Hack appeared first on SecurityWeek.
New Ghost Calls tactic abuses Zoom and Microsoft Teams for C2 operations
A new post-exploitation command-and-control (C2) evasion method called ‘Ghost Calls’ abuses TURN servers used by conferencing apps like Zoom and Microsoft Teams to tunnel traffic through trusted infrastructure. […]
Hacker extradited to US for stealing $3.3 million from taxpayers
Nigerian national Chukwuemeka Victor Amachukwu has been extradited from France to the U.S. to face charges of hacking, fraud, and identity theft for suspected spearphishing attacks on U.S. tax preparation businesses. […]
PLoB: A Behavioral Fingerprinting Framework to Hunt for Malicious Logins
Splunk researchers developed a system to fingerprint post-logon behavior, using AI to find subtle signals of intrusion.
The post PLoB: A Behavioral Fingerprinting Framework to Hunt for Malicious Logins appeared first on SecurityWeek.