Category Security

Jan 30, 2025Ravie LakshmananVulnerability / Cloud Security Cybersecurity researchers have disclosed a critical security flaw in the Lightning AI Studio development platform that, if successfully exploited, could allow for remote code execution. The vulnerability, rated a CVSS score of 9.4,…

Security researchers have warned of a new attack which could enable malicious extensions to gain full control of a targeted browser and device, with minimal user interaction. SquareX said that, until now, the limitations that browser vendors place on the…

Jan 30, 2025Ravie LakshmananOnline Fraud / Cybercrime An international law enforcement operation has dismantled the domains associated with various online platforms linked to cybercrime such as Cracked, Nulled, Sellix, and StarkRDP. The effort has targeted the following domains – www.cracked.io…

DeepSeek, the latest AI chatbot provider out of China, has quickly come under scrutiny from cybersecurity experts who recently found an infrastructure vulnerability relating to the firm’s AI database. Researchers from cloud security firm Wiz uncovered an exposed database leaking…

The job of a SOC analyst has never been easy. Faced with an overwhelming flood of daily alerts, analysts (and sometimes IT teams who are doubling as SecOps) must try and triage thousands of security alerts—often false positives—just to identify…

The UK’s leading cybersecurity agency has called on the software industry to wipe out an entire class of vulnerabilities at source, through improved developer security practices. The National Cyber Security Centre (NCSC) argued in a blog post on Wednesday that…

Jan 30, 2025Ravie LakshmananVulnerability / IoT Security A Mirai botnet variant dubbed Aquabot has been observed actively attempting to exploit a medium-severity security flaw impacting Mitel phones in order to ensnare them into a network capable of mounting distributed denial-of-service…

Jan 30, 2025Ravie LakshmananWeb Security / Vulnerability Three security flaws have been disclosed in the open-source PHP package Voyager that could be exploited by an attacker to achieve one-click remote code execution on affected instances. “When an authenticated Voyager user…

What happens when eager computer enthusiasts unknowingly download a trojanized hacking tool and find themselves on the wrong side of cybersecurity? A former employee’s actions led to chaos and raise urgent questions about the security of cultural treasures. And join…

Threat actors exploited new vulnerabilities and moved from initial access to lateral movement much faster in 2024, challenging network defenders to accelerate incident response, according to ReliaQuest. The security operations (SecOps) specialist analyzed customer data and compared its findings with…