Security Bulletin

Garantex had its websites sequestered as part of a joint U.S. and European law enforcement clampdown.

MongoDB credentials accounted for most of the secrets exposed on public GitHub repositories.

Open-source AI models could be stealthily compromised through the exploitation of 4 security issues.

Initial attacks involved the utilization of the PipeMagic backdoor to distribute the exploit.

Several SSRF flaws have been concurrently abused by over 400 IP addresses.

Attacks by Medusa involved the enlistment of initial access brokers who are paid $100 to $1 million.

Littleton Electric Light and Water Departments was compromised for over 300 days in 2023.

UNC3886 targeted the outdated Juniper routers to deploy the Medusa and Reptile rootkits.

The new The F5 Application Delivery Controller and Security Platform combines BIG-IP, NGNIX and Distributed Cloud Services and new AI Gateway and AI Assistants.

Researchers from Symantec showed how OpenAI's Operator agent, currently in research preview, can be used to construct a basic phishing attack from start to finish.

Following increasing attacks on healthcare organizations, the United Arab Emirates has refined its regulatory strategy for improving cybersecurity in healthcare.

According to a CRA survey, 50% of healthcare organizations are already using AI tools in their cybersecurity practices.