Proton fixed a bug in its new Authenticator app for iOS that logged users’ sensitive TOTP secrets in plaintext, potentially exposing multi-factor authentication codes if the logs were shared. […]
Microsoft: Outdated Office apps lose access to voice features in January
Microsoft announced that the transcription, dictation, and read aloud features will stop working in older versions of Office 365 applications in late January 2026. […]
Nvidia Triton Vulnerabilities Pose Big Risk to AI Models
Nvidia has patched over a dozen vulnerabilities in Triton Inference Server, including another set of vulnerabilities that threaten AI systems.
The post Nvidia Triton Vulnerabilities Pose Big Risk to AI Models appeared first on SecurityWeek.
NVIDIA Triton Bugs Let Unauthenticated Attackers Execute Code and Hijack AI Servers
A newly disclosed set of security flaws in NVIDIA’s Triton Inference Server for Windows and Linux, an open-source platform for running artificial intelligence (AI) models at scale, could be exploited to take over susceptible servers.
“When chained together, these flaws can potentially allow a remote, unauthenticated attacker to gain complete control of the server, achieving remote code execution
“When chained together, these flaws can potentially allow a remote, unauthenticated attacker to gain complete control of the server, achieving remote code execution
CTM360 spots Malicious ‘ClickTok’ Campaign Targeting TikTok Shop users
The ClickTok campaign lures victims with fake TikTok shops and drains their crypto wallets. CTM360 exposes how SparkKitty spyware spreads via trojanized apps, phishing pages, and AI-powered scams. […]
New Plague Linux malware stealthily maintains SSH access
A newly discovered Linux malware, which has evaded detection for over a year, allows attackers to gain persistent SSH access and bypass authentication on compromised systems. […]
Vietnamese Hackers Use PXA Stealer, Hit 4,000 IPs and Steal 200,000 Passwords Globally
Cybersecurity researchers are calling attention to a new wave of campaigns distributing a Python-based information stealer called PXA Stealer.
The malicious activity has been assessed to be the work of Vietnamese-speaking cybercriminals who monetize the stolen data through a subscription-based underground ecosystem that automates the resale and reuse via Telegram APIs, according to a joint
The malicious activity has been assessed to be the work of Vietnamese-speaking cybercriminals who monetize the stolen data through a subscription-based underground ecosystem that automates the resale and reuse via Telegram APIs, according to a joint
US Announces $100 Million for State, Local and Tribal Cybersecurity
CISA and FEMA announced two grants of more than $100 million for state, local, and tribal governments looking to improve cybersecurity.
The post US Announces $100 Million for State, Local and Tribal Cybersecurity appeared first on SecurityWeek.
AI Guardrails Under Fire: Cisco’s Jailbreak Demo Exposes AI Weak Points
Cisco’s latest jailbreak method reveals just how easily sensitive data can be extracted from chatbots trained on proprietary or copyrighted content.
The post AI Guardrails Under Fire: Cisco’s Jailbreak Demo Exposes AI Weak Points appeared first on SecurityWeek.
Sean Cairncross Confirmed by Senate as National Cyber Director
The US Senate voted to confirm Sean Cairncross as the National Cyber Director, five months after nominalization.
The post Sean Cairncross Confirmed by Senate as National Cyber Director appeared first on SecurityWeek.