Magánszemélyeknek

Widely known artificial intelligence email assistant EmailGPT was discovered by researchers from Synopsys' Cybersecurity Research Center to be impacted by a medium-severity prompt injection vulnerability, which could be exploited to enable data exposure, financial loss, and denial-of-service attacks, according to Hackread.

BleepingComputer reports that dozens of GitHub repositories are having their contents erased in an ongoing attack campaign by the Gitloker threat operation.

Vulnerable Apache RocketMQ instances impacted by the critical remote code execution bug, tracked as CVE-2023-33246, are being targeted by the Muhstik botnet to facilitate more expansive distributed denial-of-service and cryptocurrency mining intrusions, reports The Hacker News.

Ongoing intrusions exploiting a pair of old remote code execution flaws in the widely used open-source web app framework ThinkPHP, tracked as CVE-2018-20062 and CVE-2019-9082, have been conducted by Chinese hackers since April, following a similar attack campaign launched in October, according to SecurityWeek.

Attacks leveraging breached VPN credentials have been deployed by the new Fog ransomware operation against organizations in the U.S. education sector since early last month, BleepingComputer reports.

Establishing a clear process for developers to respond to critical CVEs is essential for having a rapid and coordinated response.

Each insider threat incident averages a $15 million loss, so teams really need to rethink their plans to mitigate these threats.