Fortinet Releases Multiple Security Advisories

Fortinet has released 18 security advisories to address a range of security vulnerabilities in multiple products. Three of the advisories address two high severity vulnerabilities in FortiClient for Windows and one high severity vulnerability in FortiOS affecting SSLVPN sessions. FortiClient Read More …

FBI: 2023 Top Routinely Exploited Vulnerabilities

In 2023, malicious cyber actors exploited more zero-day vulnerabilities to compromise enterprise networks compared to 2022, allowing them to conduct cyber operations against higher-priority targets. In 2023, the majority of the most frequently exploited vulnerabilities were initially exploited as a Read More …

ModeLeak: Privilege Escalation to LLM Model Exfiltration in Vertex AI

In the race to gain a competitive edge, organizations are increasingly training artificial intelligence (AI) models on sensitive data. But what if a seemingly harmless AI model became a gateway for attackers? A malicious actor could upload a poisoned model Read More …

Tracking the recent activities of the APT-Q-27

In May 2022, Qi’anxin Threat Intelligence Center published an article titled “Operation Dragon Breath (APT-Q-27): A Dimensionality Reduction Attack on the Gambling Industry”, disclosing the attack activities of GoldenEyeDog (Qi’anxin internal tracking number APT-Q-27) against the gambling industry, and Read More …

Amazon Confirms Employee Data Was Exposed Through MOVEit Breach

In a significant development that underscores the lasting impact of 2023’s MOVEit vulnerability, Amazon has confirmed that employee data was compromised through a third-party property management vendor. The breach, revealed by a threat actor known as “Nam3L3ss,” exposes the continuing Read More …

AT&T, Ticketmaster data breach hackers charged with stealing 50 billion records

The U.S. has indicted two individuals, Connor Moucka and John Binns, according to new documents, for hacking third-party cloud data storage and analytics company Snowflake. The Snowflake hack led to data breaches at numerous companies using the platform such as Read More …

New Google Chrome Warning As ‘No 0-Day’ Drive-By Cyber Attack Confirmed

The cost of zero-day exploits has always been high, especially if they allow an attacker to remotely execute code on a host machine. But why pay hundreds of thousands of dollars for an 0-day when a relatively simple drive-by attack Read More …

Pentagon leaker Jack Teixeira sentenced to 15 years in prison

Jack Teixeira, a member of the Massachusetts National Guard, has been jailed for 15 years for leaking classified documents about the war in Ukraine and other military secrets. A federal judge in Boston, United States, on Tuesday sentenced the 22-year-old Read More …

Hot Topic data breach thought to have hit nearly 54 million customers

Breach notification site Have I Been Pwned has confirmed the personal data of 56,904,909 users was found online, leaked from Hot Topic, Torrid, and Box Lunch customers. Threat actor ‘Satanic’ claimed responsibility for the breach, which was allegedly carried out Read More …