### Impact

We recently underwent Penetration Testing of OpenMRS by a third-party company. **Vulnerabilities were found, and fixes have been made and released.** We've released security updates that include critical fixes, and so, we strongly recommend upgrading affected modules. **This notice applies to _all_ OpenMRS instances.** The testers used the OpenMRS v3 Reference Application (O3 RefApp); however, their findings highlighted modules commonly used in older OpenMRS applications, including the O2 RefApp.

## Vulnerability Details

- The issues uncovered included broken access control (e.g. inappropriate admin access), phishing vulnerability, and stored XSS (e.g. vulnerable passwords).
- No vulnerabilities were found in the O3 frontend esm modules.
- The Letter of Attestation from the penetration test is [available here](https://drive.google.com/file/d/1sBm4-FzLA8hSoM9wYknBfgEttBHyLvoU/view?usp=sharing) for your reference.
- After the fixes were applied, the OpenMRS O3 RefApp met ...

Over 57 distinct threat actors with ties to China, Iran, North Korea, and Russia have been observed using artificial intelligence (AI) technology powered by Google to further enable their malicious cyber and information operations. "Threat actors are experimenting with Gemini to enable their operations, finding productivity gains but not yet developing novel capabilities," Google Threat
Whether by intercepting its traffic or just giving it a little nudge, GitHub's AI assistant can be made to do malicious things it isn't supposed to.
Just days after we uncovered a campaign targeting Google Ads accounts, a similar attack has surfaced, this time aimed at Microsoft...
Palo Alto, USA, 30th January 2025, CyberNewsWire
The sudden rise of DeepSeek has raised questions of data origin, data destination, and the security of the new AI model.
The addition of Solvo CSPM to CYE Hyver aims to address the need for multicloud vulnerability monitoring and risk assessment.
China-based DeepSeek has exploded in popularity, drawing greater scrutiny. Case in point: Security researchers found more than 1 million records, including user data and API keys, in an open database.
A team of security researchers from Georgia Institute of Technology and Ruhr University Bochum has demonstrated two new side-channel attacks targeting Apple silicon that could be exploited to leak sensitive information from web browsers like Safari and Google Chrome. The attacks have been codenamed Data Speculation Attacks via Load Address Prediction on Apple Silicon (SLAP) and Breaking the