A ChatGPT jailbreak flaw, dubbed “Time Bandit,” allows you to bypass OpenAI’s safety guidelines when asking for detailed instructions on sensitive topics, including the creation of weapons, information on nuclear topics, and malware creation. […]
Frederick Health Hit by Ransomware Attack
Maryland healthcare provider Frederick Health has taken some of its systems offline in response to a ransomware attack.
The post Frederick Health Hit by Ransomware Attack appeared first on SecurityWeek.
152,000 Impacted by Data Breach at Berman & Rabin
Law firm Berman & Rabin says 152,000 people are impacted by a data breach resulting from a July 2024 ransomware attack.
The post 152,000 Impacted by Data Breach at Berman & Rabin appeared first on SecurityWeek.
Unprotected DeepSeek Database Exposed Chats, Other Sensitive Information
An unprotected database belonging to Chinese AI company DeepSeek exposed highly sensitive information, including chat history, secret keys, and backend data.
The post Unprotected DeepSeek Database Exposed Chats, Other Sensitive Information appeared first on SecurityWeek.
Tenable to Acquire Vulcan Cyber for $150 Million
Tenable plans to acquire exposure management company Vulcan Cyber for roughly $150 million in cash and stock.
The post Tenable to Acquire Vulcan Cyber for $150 Million appeared first on SecurityWeek.
SOC Analysts – Reimagining Their Role Using AI
The job of a SOC analyst has never been easy. Faced with an overwhelming flood of daily alerts, analysts (and sometimes IT teams who are doubling as SecOps) must try and triage thousands of security alerts—often false positives—just to identify a handful of real threats. This relentless, 24/7 work leads to alert fatigue, desensitization, and increased risk of missing critical security incidents.
DeepSeek AI Database Exposed: Over 1 Million Log Lines, Secret Keys Leaked
Buzzy Chinese artificial intelligence (AI) startup DeepSeek, which has had a meteoric rise in popularity in recent days, left one of its databases exposed on the internet, which could have allowed malicious actors to gain access to sensitive data.
The ClickHouse database “allows full control over database operations, including the ability to access internal data,” Wiz security researcher Gal
The ClickHouse database “allows full control over database operations, including the ability to access internal data,” Wiz security researcher Gal
Unpatched PHP Voyager Flaws Leave Servers Open to One-Click RCE Exploits
Three security flaws have been disclosed in the open-source PHP package Voyager that could be exploited by an attacker to achieve one-click remote code execution on affected instances.
“When an authenticated Voyager user clicks on a malicious link, attackers can execute arbitrary code on the server,” Sonar researcher Yaniv Nizry said in a write-up published earlier this week.
“When an authenticated Voyager user clicks on a malicious link, attackers can execute arbitrary code on the server,” Sonar researcher Yaniv Nizry said in a write-up published earlier this week.
The
New Aquabot Botnet Exploits CVE-2024-41710 in Mitel Phones for DDoS Attacks
A Mirai botnet variant dubbed Aquabot has been observed actively attempting to exploit a medium-severity security flaw impacting Mitel phones in order to ensnare them into a network capable of mounting distributed denial-of-service (DDoS) attacks.
The vulnerability in question is CVE-2024-41710 (CVSS score: 6.8), a case of command injection in the boot process that could allow a malicious actor
The vulnerability in question is CVE-2024-41710 (CVSS score: 6.8), a case of command injection in the boot process that could allow a malicious actor
New Aquabotv3 botnet malware targets Mitel command injection flaw
A new variant of the Mirai-based botnet malware Aquabot has been observed actively exploiting CVE-2024-41710, a command injection vulnerability in Mitel SIP phones. […]