Latest News
Cybersecurity researchers have disclosed details of a now-patched privilege escalation vulnerability in Google Cloud Platform (GCP) Cloud Run that could have allowed a malicious actor to access container images and even inject malicious code. "The vulnerability could have allowed such an identity to abuse its Google Cloud Run revision edit permissions in order to pull private Google Artifact
A generative AI nudify service has been found storing explicit deepfakes in an unprotected cloud database.
Delaware, USA, 2nd April 2025, CyberNewsWire
`PyString::from_object` took `&str` arguments and forwarded them directly to the Python C API without checking for terminating nul bytes. This could lead the Python interpreter to read beyond the end of the `&str` data and potentially leak contents of the out-of-bounds read (by raising a Python exception containing a copy of the data including the overflow). In PyO3 0.24.1 this function will now allocate a `CString` to guarantee a terminating nul bytes. PyO3 0.25 will likely offer an alternative API which takes `&CStr` arguments.
Introduction As the cybersecurity landscape evolves, service providers play an increasingly vital role in safeguarding sensitive data and maintaining compliance with industry regulations. The National Institute of Standards and Technology (NIST) offers a comprehensive set of frameworks that provide a clear path to achieving robust cybersecurity practices. For service providers, adhering to NIST
Cybersecurity researchers have shed light on an "auto-propagating" cryptocurrency mining botnet called Outlaw (aka Dota) that's known for targeting SSH servers with weak credentials. "Outlaw is a Linux malware that relies on SSH brute-force attacks, cryptocurrency mining, and worm-like propagation to infect and maintain control over systems," Elastic Security Labs said in a new analysis
When assessing an organization’s external attack surface, encryption-related issues (especially SSL misconfigurations) receive special attention. Why? Their widespread use, configuration complexity, and visibility to attackers as well as users make them more likely to be exploited. This highlights how important your SSL configurations are in maintaining your web application security and
The financially motivated threat actor known as FIN7 has been linked to a Python-based backdoor called Anubis (not to be confused with an Android banking trojan of the same name) that can grant them remote access to compromised Windows systems. "This malware allows attackers to execute remote shell commands and other system operations, giving them full control over an infected machine," Swiss
Cybersecurity researchers have discovered an updated version of a malware loader called Hijack Loader that implements new features to evade detection and establish persistence on compromised systems. "Hijack Loader released a new module that implements call stack spoofing to hide the origin of function calls (e.g., API and system calls)," Zscaler ThreatLabz researcher Muhammed Irfan V A said in
Version 1.15.1 might feel like a run-of-the-mill new release of cert-manager Operator for Red Hat OpenShift but actually it features more than a few notable enhancements to improve the security posture of your OpenShift clusters. This exciting release improves the overall security posture of your OpenShift clusters, and expands upon your ability to protect your cluster networking communications with TLS certificates managed by cert-manager. The release of Red Hat OpenShift 4.18 emphasises zero trust architecture, and introduces as Technology Preview, the powerful istio-csr agent via cert-manag