The Russian state-backed hacking group Gamaredon (aka “Shuckworm”) has been targeting a military mission of a Western country in Ukraine in attacks likely deployed from removable drives. […]
Incomplete Patch in NVIDIA Toolkit Leaves CVE-2024-0132 Open to Container Escapes
Cybersecurity researchers have detailed a case of an incomplete patch for a previously addressed security flaw impacting the NVIDIA Container Toolkit that, if successfully exploited, could put sensitive data at risk.
The original vulnerability CVE-2024-0132 (CVSS score: 9.0) is a Time-of-Check Time-of-Use (TOCTOU) vulnerability that could lead to a container escape attack and allow for
The original vulnerability CVE-2024-0132 (CVSS score: 9.0) is a Time-of-Check Time-of-Use (TOCTOU) vulnerability that could lead to a container escape attack and allow for
Juniper Networks Patches Dozens of Junos Vulnerabilities
Juniper Networks has patched two dozen vulnerabilities in Junos OS and Junos OS Evolved, and dozens of flaws in Junos Space third-party dependencies.
The post Juniper Networks Patches Dozens of Junos Vulnerabilities appeared first on SecurityWeek.
Sensata Technologies hit by ransomware attack impacting operations
Sensata Technologies (known as Sensata) has suffered a ransomware attack last weekend that encrypted parts of the company network and disrupted operations. […]
Flipper Zero maker unveils ‘Busy Bar,’ a new ADHD productivity tool
Flipper Devices, the company behind the popular Flipper Zero, has launched an open-source productivity tool called Busy Bar, designed to help reduce distractions for people with ADHD. […]
Malicious npm Package Targets Atomic Wallet, Exodus Users by Swapping Crypto Addresses
Threat actors are continuing to upload malicious packages to the npm registry so as to tamper with already-installed local versions of legitimate libraries to execute malicious code in what’s seen as a sneakier attempt to stage a software supply chain attack.
The newly discovered package, named pdf-to-office, masquerades as a utility for converting PDF files to Microsoft Word documents. But, in
The newly discovered package, named pdf-to-office, masquerades as a utility for converting PDF files to Microsoft Word documents. But, in
Study Identifies 20 Most Vulnerable Connected Devices of 2025
Routers are the riskiest devices in enterprise networks as they contain the most critical vulnerabilities, a new Forescout report shows.
The post Study Identifies 20 Most Vulnerable Connected Devices of 2025 appeared first on SecurityWeek.
PlayPraetor Reloaded: CTM360 Uncovers a Play Masquerading Party
Overview of the PlayPraetor Masquerading Party Variants
CTM360 has now identified a much larger extent of the ongoing Play Praetor campaign. What started with 6000+ URLs of a very specific banking attack has now grown to 16,000+ with multiple variants. This research is ongoing, and much more is expected to be discovered in the coming days.
As before, all the newly discovered play
CTM360 has now identified a much larger extent of the ongoing Play Praetor campaign. What started with 6000+ URLs of a very specific banking attack has now grown to 16,000+ with multiple variants. This research is ongoing, and much more is expected to be discovered in the coming days.
As before, all the newly discovered play
GitHub Announces General Availability of Security Campaigns
GitHub security campaigns make it easier for developers and security teams to collaborate on fixing vulnerabilities in their applications.
The post GitHub Announces General Availability of Security Campaigns appeared first on SecurityWeek.
The Identities Behind AI Agents: A Deep Dive Into AI & NHI
AI agents have rapidly evolved from experimental technology to essential business tools. The OWASP framework explicitly recognizes that Non-Human Identities play a key role in agentic AI security. Their analysis highlights how these autonomous software entities can make decisions, chain complex actions together, and operate continuously without human intervention. They’re no longer just tools,