Security
Headlines
HeadlinesLatestCVEs

Tag

#intel

Researchers Identify Over 20 Supply Chain Vulnerabilities in MLOps Platforms

Cybersecurity researchers are warning about the security risks in the machine learning (ML) software supply chain following the discovery of more than 20 vulnerabilities that could be exploited to target MLOps platforms. These vulnerabilities, which are described as inherent- and implementation-based flaws, could have severe consequences, ranging from arbitrary code execution to loading

The Hacker News
Open in Source
#xss#vulnerability#web#mac#dos#java#intel#auth#The Hacker News
Unpacking Slack Hacks: 6 Ways to Protect Sensitive Data with Secure Collaboration

Nowadays, sensitive and critical data is traveling in everyday business channels that offer only the basic level of security and encryption, and companies are often oblivious to the risk. A case in point: Disney suffered a devastating data leak by a hacktivist group known as NullBulge that got hold of over 1.2 terabytes of data from Disney's internal Slack messaging channels. The breach exposed

The US Navy Has Run Out of Pants

Plus: The US intelligence community formally blames Iran for Trump campaign hack, aircraft-tracking platform FlightAware says a “configuration error” exposed sensitive user data, and more.

Meta Exposes Iranian Hacker Group Targeting Global Political Figures on WhatsApp

Meta Platforms on Friday became the latest company after Microsoft, Google, and OpenAI to expose the activities of an Iranian state-sponsored threat actor, who it said used a set of WhatsApp accounts that attempted to target individuals in Israel, Palestine, Iran, the U.K., and the U.S. The activity cluster, which originated from Iran, "appeared to have focused on political and diplomatic

New PEAKLIGHT Dropper Deployed in Attacks Targeting Windows with Malicious Movie Downloads

Cybersecurity researchers have uncovered a never-before-seen dropper that serves as a conduit to launch next-stage malware with the ultimate goal of infecting Windows systems with information stealers and loaders. "This memory-only dropper decrypts and executes a PowerShell-based downloader," Google-owned Mandiant said. "This PowerShell-based downloader is being tracked as PEAKLIGHT." Some of

When War Came to Their Country, They Built a Map

The Telegram channel and website Deep State uses public data and insider intelligence to power its live tracker of Ukraine’s ever-shifting front line.

No, not every Social Security number in the U.S. was stolen

It’s not unusual for a threat actor to exaggerate the extent of a hack or breach to drum up interest, and hopefully, the eventual purchase or ransom price.

Ubuntu Security Notice USN-6974-1

Ubuntu Security Notice 6974-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

Google Fixes High-Severity Chrome Flaw Actively Exploited in the Wild

Google has rolled out security fixes to address a high-severity security flaw in its Chrome browser that it said has come under active exploitation in the wild. Tracked as CVE-2024-7971, the vulnerability has been described as a type confusion bug in the V8 JavaScript and WebAssembly engine. "Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap

The US Government Wants You—Yes, You—to Hunt Down Generative AI Flaws

The AI ethics nonprofit Humane Intelligence and the US National Institute of Standards and Technology are launching a series of contests to get more people probing for problems in generative AI systems.