Critical Prompt Injection Flaws Discovered in Leading AI Chatbots
Security researchers uncover dangerous vulnerabilities in DeepSeek and Claude AI chatbots that could enable account hijacking and malicious code execution. The findings highlight significant security risks in AI systems, prompting companies to strengthen defenses against prompt injection attacks.
Massive Socks5Systemz Botnet Fuels Illegal Global Proxy Service Network
BitSight uncovers a sprawling botnet operation that has compromised over 85,000 devices to power an illicit proxy service called PROXY.AM. The network, active since 2013, allows cybercriminals to rent infected machines as proxy servers for monthly fees up to $700.
Critical Buffer Overflow Vulnerability Discovered in Curl Web Tool
A serious security flaw in Curl, the widely used data transfer tool, could allow attackers to exploit buffer overflow vulnerabilities when the tool processes IP addresses. The issue affects both IPv4 and IPv6 address handling, putting countless websites and applications at risk.
Michigan School District Battles Cyberattack While Managing Budget Crisis
Wayne-Westland Community Schools faces service disruptions and parent concerns following a cyberattack that knocked out internet and phone services. Despite the challenges, officials confirm student data remains secure while working to restore services and rebuild community trust.
Russian Hackers Exploit Cloudflare Tunnels to Conceal Advanced GammaDrop Malware Campaign
Russian state-backed hacking group Gamaredon is using Cloudflare Tunnels and DNS fast-flux techniques to mask its malware distribution targeting Ukrainian organizations. The sophisticated campaign deploys GammaDrop malware through spear-phishing attacks to steal sensitive data and maintain persistent access to compromised systems.
Venom Spider Expands Malware Operation with Advanced Backdoor and Loader Tools
Cybercrime group Venom Spider has enhanced its malware-as-a-service platform with two sophisticated new tools: the RevC2 backdoor and Venom Loader. The expansion demonstrates advanced capabilities including browser data theft and customized payloads, despite recent legal challenges to its operation.
Critical Zero-Day Vulnerability Exposes Mitel MiCollab Enterprise Platform
Security researchers uncover a serious zero-day flaw in Mitel's MiCollab collaboration suite that could expose sensitive organizational data. Over 16,000 exposed instances are at risk until patches arrive in December 2024.
Chinese Hackers Target Japan with Revived ANEL Backdoor in Sophisticated Spear-Phishing Campaign
MirrorFace, a Chinese state-sponsored hacking group, has launched a new cyber espionage campaign against Japanese organizations using the resurrected ANEL backdoor malware. The sophisticated operation leverages spear-phishing emails with OneDrive links to deploy multiple backdoors, targeting individuals connected to Japan's national security.
New Pegasus Spyware Variants Discovered in Groundbreaking Mobile Security Study
Security firm iVerify uncovers seven new Pegasus spyware infections across iOS devices, revealing a higher-than-expected infection rate of 2.5 per 1,000 scans. The investigation marks a shift toward democratized threat detection by making professional security scanning accessible to everyday users.
Critical SailPoint Vulnerability Puts Protected Files at Risk with Maximum Severity Score
A severe security flaw in SailPoint's IdentityIQ software received the highest possible CVSS score of 10.0, potentially allowing unauthorized access to protected files. The vulnerability affects multiple versions of the identity management platform and requires immediate attention from system administrators.