Latest News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added three security flaws, each impacting AMI MegaRAC, D-Link DIR-859 router, and Fortinet FortiOS, to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The list of vulnerabilities is as follows - CVE-2024-54085 (CVSS score: 10.0) - An authentication bypass by spoofing

Israel's cyber pros are having to put theory into practice, as a notorious nation-state APT sponsored by Iran targets them with spear-phishing attacks.

Popular messaging platform WhatsApp has added a new artificial intelligence (AI)-powered feature that leverages its in-house solution Meta AI to summarize unread messages in chats. The feature, called Message Summaries, is currently rolling out in the English language to users in the United States, with plans to bring it to other regions and languages later this year. It "uses Meta AI to

Security continues to be a top priority for organizations managing Kubernetes clusters. Red Hat has made significant strides for improved security for containers with its latest release of Red Hat Advanced Cluster Security 4.8. This release focuses on simplifying management, enhancing workflows and offering visibility into the security of containerized environments.External IP visibility for improved securityRed Hat Advanced Cluster Security 4.8 introduces the general availability of a powerful new feature: The ability to visualize external IPs directly within the network graph dashboard. This

Organizations are moving away from the public cloud and embracing a more hybrid approach due to big changes over the past five years.

### Impact The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry (which it does by default since 5.0.0) allowing a possible Man In The Middle attack. ### Patches https://github.com/containers/podman/commit/726b506acc8a00d99f1a3a1357ecf619a1f798c3 Fixed in v5.5.2 ### Workarounds Download the disk image manually via some other tool that verifies the TLS connection. Then pass the local image as file path (podman machine init --image ./somepath)

### Impact Prior to 2.1.1 and 2.2.0, the `Steel.validateCommitment` Solidity library function will return `true` for a crafted commitment with a digest value of zero. This violates the semantics of `validateCommitment`, as this does not commitment to a block that is in the current chain. Because the digest is zero, it does not correspond to any block and there exist no known openings. As a result, this commitment will never be produced by a correct zkVM guest using Steel. Leveraging this bug to compromise the soundness of an application using Steel would require a separate bug or misuse of the Steel library, which is expected to be used to validate the root of state opening proofs (e.g. having the guest commit to a digest of zero, or failing to check the zkVM proof). Because this bug does not risk application integrity, correctly written applications are not at risk. ### Fix Please see [#605] for a full description of the bug, and the fix. This fix has been released as part of `ri...

Though rudimentary and largely non-functional, the wryly named "Skynet" binary could be a harbinger of things to come on the malware front.

Records of hundreds of emergency calls from ICE detention centers obtained by WIRED—including audio recordings—show a system inundated by life-threatening incidents, delayed treatment, and overcrowding.

Facial recognition is quickly becoming commonplace. It is important to know where, when, and how you can opt out.