Latest News
A vulnerability in the `FAISS.deserialize_from_bytes` function of langchain-ai/langchain allows for pickle deserialization of untrusted data. This can lead to the execution of arbitrary commands via the `os.system` function. The issue affects versions prior to 0.2.10.
Google has announced that it will be switching from KYBER to ML-KEM in its Chrome web browser as part of its ongoing efforts to defend against the risk posed by cryptographically relevant quantum computers (CRQCs). "Chrome will offer a key share prediction for hybrid ML-KEM (codepoint 0x11EC)," David Adrian, David Benjamin, Bob Beck, and Devon O'Brien of the Chrome Team said. "The
The U.S. Department of Treasury has imposed fresh sanctions against five executives and one entity with ties to the Intellexa Consortium for their role in the development, operation, and distribution of a commercial spyware called Predator. "The United States will not tolerate the reckless propagation of disruptive technologies that threatens our national security and undermines the privacy and
Since launching ChatGPT in 2022, OpenAI has defied expectations with a steady stream of product announcements and enhancements. One such announcement came on May 16, 2024, and for most consumers, it probably felt innocuous. Titled “Improvements to data analysis in ChatGPT,” the post outlines how users can add files directly from Google Drive and Microsoft OneDrive. It’s worth mentioning
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Yokogawa Equipment: Dual-redundant Platform for Computer (PC2CKM) Vulnerability: Unchecked Return Value 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform a denial-of-service. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Yokogawa PC2CKM, a dual-redundant platform computer, are affected: Dual-redundant Platform for Computer (PC2CKM): R1.01.00 to R2.03.00 3.2 Vulnerability Overview 3.2.1 UNCHECKED RETURN VALUE CWE-252 If a computer on which the affected product is installed receives a large number of UDP broadcast packets in a short period, occasionally that computer may restart. If both the active and standby computers are restarted at the same time, the functionality on that computer may be temporarily unavailable. CVE-2024-8110 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been cal...
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC S7-200 SMART Devices Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Siemens SIMATIC S7-200 SMART Devices are affected: SIMATIC S7-200 SMART CPU CR40 (6ES7288-1CR40-0AA0): All versions SIMATIC S7-200 SMART CPU CR60 (6ES7288-1CR60-0AA0): All Versions SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA0): All Versions SIMATIC S7-200 SMART CPU SR20 (6ES7288...
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Millbeck Communications Equipment: Proroute H685t-w Vulnerabilities: Command Injection, Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary commands on the device's operating system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Millbeck Communications Proroute H685t-w, a 4G router, are affected: Proroute H685t-w: Version 3.2.334 3.2 Vulnerability Overview 3.2.1 Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-77 There is a command injection vulnerability that may allow an attacker to inject malicious input on the device's operating system. CVE-2024-45682 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.2.2 Improper Neutralization of...
Meta has announced that it will begin training its artificial intelligence (AI) systems using public content shared by adult users across Facebook and Instagram in the U.K. in the coming months. "This means that our generative AI models will reflect British culture, history, and idiom, and that UK companies and institutions will be able to utilize the latest technology," the social media
Hacktivists love to target financial services companies, and their attacks are growing both larger and longer.
Attackers could have exploited a dependency confusion vulnerability affecting various Google Cloud services to execute a sprawling supply chain attack via just one malicious Python code package.