Topic: security vulnerabilities

  • Brave Exposes Critical AI Browser Security Flaws

    Brave uncovered critical security flaws in AI browsers like Perplexity Comet and Fellou, where malicious websites can hijack AI assistants to access sensitive user accounts and data through indirect prompt injection attacks. These vulnerabilities allow attackers to embed hidden commands in webpag...

  • Docker Hardened Images: Now Affordable for Small Businesses

    Docker now offers unlimited access to its Hardened Images catalog through an affordable subscription, making secure, vulnerability-checked container images accessible to startups and small businesses with a 30-day free trial. These images are built from source code, stripped of non-essential comp...

  • Ox Security Raises $60M to Boost Code Vulnerability Scanning

    Ox Security, a platform for detecting vulnerabilities in AI-generated and traditional code, raised $60 million in Series B funding, led by DTCP with support from IBM Ventures and Microsoft, totaling $94 million in funding. Founded by ex-Check Point engineers, Ox Security scans code for threats, s...

  • Claude for Chrome Enters Beta, Prompt Injection Risks Loom

    Anthropic has launched a beta Chrome extension for its Claude AI assistant, allowing it to perform web-based tasks like scheduling and form completion, with initial access limited to 1,000 premium users to address security risks. The extension faces significant security vulnerabilities, such as p...

  • AI-Generated Code: The Hidden Cost of Human Cleanup

    AI-generated code now accounts for about a quarter of production code but introduces new vulnerabilities, with many organizations experiencing security incidents due to flaws in this automated output. Accountability for security breaches involving AI-generated code is unclear, as responsibility i...

  • Apple Boosts Bug Bounty to $2 Million for Critical Exploits

    Apple is increasing its bug bounty rewards to up to $2 million for critical exploit chains, aiming to secure its ecosystem of over 2.35 billion active devices and incentivize researchers to report severe vulnerabilities directly. The program includes bonuses for bypassing Lockdown Mode or finding...

  • Urgent: Hackers Exploit Unpatched Oracle EBS Vulnerabilities

    Oracle has confirmed active exploitation of unpatched vulnerabilities in its E-Business Suite, with hackers sending extortion emails claiming to have stolen sensitive corporate data. The vulnerabilities were resolved in the July 2025 Critical Patch Update, which addressed nine EBS flaws, includin...

  • Apple Rolls Out iOS 18.6 & macOS 15.6 Updates as Current Gen Nears End

    Apple has released updates (iOS 18.6, iPadOS 18.6, macOS Sequoia 15.6, etc.) focusing on security patches and minor improvements, while preparing for major fall releases. The updates address over two dozen vulnerabilities and introduce compliance measures for EU users, such as support for alterna...

  • McDonald’s AI Hiring Bot Leaked Millions of Applicants’ Data Due to Weak Security

    McDonald’s AI hiring chatbot, Olivia, exposed millions of job applicants' personal data due to weak security, including a default password like "123456" granting full database access. Security researchers Ian Carroll and Sam Curry easily breached the system, uncovering sensitive applicant details...

  • F5 Networks Breached: Hackers Stole Code and Customer Data

    State-sponsored hackers breached F5 Networks' systems, stealing proprietary source code and sensitive customer data, with the company detecting the intrusion on August 9 and implementing containment measures. The attackers accessed F5's BIG-IP development environment and knowledge systems, exposi...

  • SystemBC Malware Hijacks VPS Servers as Proxy Gateways

    The SystemBC proxy botnet targets vulnerable commercial virtual private servers, maintaining around 1,500 daily compromised systems to route malicious traffic and mask cybercriminal activities. It is widely used by ransomware groups and other threat actors, leveraging unpatched security flaws in ...

  • Windows 10 Gets Final Major Update as Windows 11 Takes the Spotlight

    The final major update for Windows 10 has been released, as Microsoft shifts focus to Windows 11, with official support ending next month and users needing to upgrade or enroll in extended security services. The September update includes crucial security patches addressing 81 vulnerabilities, inc...

  • Ex-WhatsApp Security Chief Sues Meta, Calls Culture a "Cult"

    Meta's advertisements claim WhatsApp ensures complete user privacy, but a lawsuit by its former security head alleges the company concealed significant security vulnerabilities. The suit contends that around 1,500 WhatsApp engineers had unrestricted access to user data, potentially violating an F...

  • Vibe Coding: The Dark Side of the New Open Source

    Vibe coding uses AI to rapidly generate functional code, accelerating development but introducing significant security challenges to software supply chains. AI-generated code often reproduces historical vulnerabilities from flawed training data and lacks nuanced understanding of project-specific ...

  • AI Agents Targeted by Stealthy Web Poisoning Attacks

    A new cyber threat called parallel web poisoning targets AI agents by serving them hidden malicious webpages that exploit their predictable digital fingerprints. This attack is stealthy because it bypasses traditional defenses by remaining invisible to human users and standard security scanners, ...

  • Get Windows 10 Update Now Available in Microsoft Store

    Microsoft now offers a paid Windows 10 Extended Security Updates (ESU) option for $30, providing one year of critical security patches without requiring a persistent Microsoft Account login. This paid ESU addresses user frustration with mandatory cloud accounts, offering a compromise for security...

  • XWorm Malware Returns with Ransomware & 35+ Plugins

    XWorm malware has evolved with ransomware capabilities and over 35 plugins, distributed by multiple threat actors through phishing campaigns after the original developer's departure. Initially a versatile remote access trojan, it steals sensitive data, enables DDoS attacks, and has been widely ad...

  • Intel, AMD Secure Enclaves Breached by Physical Attacks

    Hardware-level security features like Intel's SGX and AMD's SEV-SNP create isolated, encrypted environments in processors to protect sensitive data, widely used by platforms such as Signal and WhatsApp. Recent academic studies have exposed vulnerabilities in these technologies, with attacks like ...

  • UK Renews Push Against Apple Encryption

    The UK government has renewed demands for Apple to provide special access to encrypted iCloud user data, specifically targeting British citizens' backups, reversing earlier indications that the effort was dropped. Despite previous reports that the UK had dropped the mandate due to US pressure and...

  • Decoding the .7ga9lt4bur7 Ransomware (Mimic/Pay2Key)

    A sophisticated ransomware attack has encrypted critical business files and exfiltrated sensitive company data, including employee records and financial documents. The attackers demand payment for a decryption tool and threaten to publish the stolen data, which could lead to regulatory fines, law...

  • OpenAI's ChatGPT Desktop App for Mac is Here

    OpenAI has launched the ChatGPT desktop app Atlas for Mac, integrating conversational AI directly into a dedicated browser for a unified search and browsing experience. The app includes features like a persistent ChatGPT sidebar for on-page assistance, Cursor chat for text editing, and Agent Mode...

  • OpenAI reinstates old ChatGPT models amid GPT-5 rollout issues

    OpenAI temporarily reinstated access to older ChatGPT models due to technical issues and performance inconsistencies with GPT-5, highlighting challenges in deploying advanced AI at scale. Users reported GPT-5 underperforming in tasks like arithmetic and coding, prompting OpenAI to improve model r...

  • AI Experts Demand More Supply Chain Transparency

    The push for AI transparency is growing due to rapid adoption of generative AI, with the **AI Bill of Materials (AIBOM)** proposed as a standardized framework to document AI system components. Industry and policymakers are advancing AIBOM efforts, with groups like the **G7 Cybersecurity Working G...

  • Model Context Protocol: The Emerging AI Integration Layer

    The rapid advancement of AI systems brings powerful capabilities but also growing complexity, with unique interfaces for each model leading to excessive integration efforts and hidden costs. Anthropic's Model Context Protocol (MCP) proposes a standardized, stateless framework for LLM-tool interac...
