ChatGPT, GenAI Tools Open to ‘Man in the Prompt’ Browser Attack
A brand-new cyberattack vector allows threat actors to use a poisoned browser extension to inject malicious prompts into all of the top generative AI tools on the market, including ChatGPT, Gemini, and others.
Critical Dahua Camera Flaws Enable Remote Hijack via ONVIF and File Upload Exploits
Cybersecurity researchers have disclosed now-patched critical security flaws in the firmware of Dahua smart cameras that, if left unaddressed, could allow attackers to hijack control of susceptible devices. “The flaws, affecting the device’s ONVIF protocol and file upload handlers, allow unauthenticated attackers to execute arbitrary commands remotely, effectively taking over the device,”
Apple Patches Safari Vulnerability Also Exploited as Zero-Day in Google Chrome
Apple on Tuesday released security updates for its entire software portfolio, including a fix for a vulnerability that Google said was exploited as a zero-day in the Chrome web browser earlier this month. The vulnerability, tracked as CVE-2025-6558 (CVSS score: 8.8), is an incorrect validation of untrusted input in the browser’s ANGLE and GPU components […]
Product Walkthrough: A Look Inside Pillar’s AI Security Platform
In this article, we will provide a brief overview of Pillar Security’s platform to better understand how they are tackling AI security challenges. Pillar Security is building a platform to cover the entire software development and deployment lifecycle with the goal of providing trust in AI systems. Using its holistic approach, the platform introduces new […]
The CrowdStrike Outage Was Bad, but It Could Have Been Worse
A year after the largest outage in IT history, organizations need to make an active effort to diversify their technology and software vendors and create a more resilient cyber ecosystem moving forward.
FunkSec Ransomware Decryptor Released Free to Public After Group Goes Dormant
Cybersecurity experts have released a decryptor for a ransomware strain called FunkSec, allowing victims to recover access to their files for free. “Because the ransomware is now considered dead, we released the decryptor for public download,” Gen Digital researcher Ladislav Zezula said. FunkSec, which emerged towards the end of 2024, has claimed 172 victims, according […]
Hackers Use Facebook Ads to Spread JSCEAL Malware via Fake Cryptocurrency Trading Apps
Cybersecurity researchers are calling attention to an ongoing campaign that distributes fake cryptocurrency trading apps to deploy a compiled V8 JavaScript (JSC) malware called JSCEAL that can capture data from credentials and wallets. The activity leverages thousands of malicious advertisements posted on Facebook in an attempt to redirect unsuspecting victims to counterfeit sites that instruct
SNMP Remote Code Execution Vulnerabilities in Cisco IOS and IOS XE Software
The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via […]
Silk Typhoon Linked to Powerful Offensive Tools, PRC-Backed Companies
An unsealed indictment associated with the Chinese threat group shows its members worked for companies closely aligned with the PRC as part of a larger contractor ecosystem.
Koreans Hacked, Blackmailed by 250+ Fake Mobile Apps
A swath of copycat Korean apps are hiding spyware, occasionally leading to highly personal, disturbing extortions.
