Security Bulletin

Two weeks ago, version 1.3.0 of Langflow was released. The release notes list many fixes but do not mention that one of the "Bug Fixes" addresses a major vulnerability. Instead, the release notes state, "auth current user on code validation." [1]

The $40 million startup was relying on manpower in the Philippines to run the so-called "AI" tool.

A new PowerShell backdoor and persistence technique that hijacks TypeLib were discovered.

Nations continue to sign the Code of Practice for States in an effort to curb commercial spyware, yet implementation and enforcement concerns have yet to be figured out.

The threat actor, also known as Goffee, has been active since at least 2022 and has changed its tactics and techniques over the years while targeting Russian organizations.

PAN points out that to date, the brute-force attacks have not led to exploitation.

The most damaging attacks continue to be ransomware, but financial fraud claims are more numerous — and both are driven by increasing third-party breaches.

With $4.4 billion in worldwide data breach fines in 2024, the cost of not knowing who's walking into your systems is devastating.

Developing strong incident response plans remains an area that requires significant improvement. Here are some shortcomings and how to address them.

SecurityWeek reports that fixes have been issued by Juniper Networks for dozens of security issues impacting its Junos OS and Junos OS Evolved offerings, as well as Junos Space third-party dependencies.

Ninety percent of 40 widely known genetic testing services firms, including 23andMe, Ancestry, and MyHeritage, had received a C grade at most for their cybersecurity efforts, indicating the pervasiveness of poor cybersecurity practices across the DNA...