Security
Headlines
HeadlinesLatestCVEs

Tag

#intel

How Microsoft defends against indirect prompt injection attacks

Summary The growing adoption of large language models (LLMs) in enterprise workflows has introduced a new class of adversarial techniques: indirect prompt injection. Indirect prompt injection can be used against systems that leverage large language models (LLMs) to process untrusted data. Fundamentally, the risk is that an attacker could provide specially crafted data that the LLM misinterprets as instructions.

msrc-blog
Open in Source
#vulnerability#web#ios#microsoft#git#intel#auth#dell
Scattered Spider Launching Ransomware on Hijacked VMware Systems, Google

A new report from Google's GTIG reveals how UNC3944 (0ktapus) uses social engineering to compromise Active Directory, then exploits VMware vSphere for data theft and direct ransomware deployment. Understand their tactics and learn vital mitigation steps.

macOS Sploitlight Flaw Exposes Apple Intelligence-Cached Data to Attackers

macOS flaw dubbed Sploitlight allows attackers to access Apple Intelligence-cached data by abusing Spotlight plugins, bypassing privacy controls.

GHSA-rfx3-ffrp-6875: Duplicate Advisory: sequoia-openpgp vulnerable to out-of-bounds array access leading to panic

### Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-25mx-8f3v-8wh7. This link is maintained to preserve external references. ### Original Description The sequoia-openpgp crate before 1.16.0 for Rust allows out-of-bounds array access and a panic.

Researchers Expose Massive Online Fake Currency Operation in India

Cybersecurity researchers at CloudSEK’s STRIKE team used facial recognition and GPS data to expose a massive, over $2…

BreachForums Resurfaces on Original Dark Web (.onion) Address

BreachForums resurfaces on its original .onion domain amid law enforcement crackdowns, raising questions about its admin, safety and future.

Operation Checkmate: BlackSuit Ransomware’s Dark Web Domains Seized

International law enforcement agencies, including the FBI and Europol, have successfully seized the infrastructure of the notorious BlackSuit ransomware gang in Operation Checkmate. This article details the takedown, BlackSuit's origins, and the ongoing fight against evolving cyber threats.

Patchwork Targets Turkish Defense Firms with Spear-Phishing Using Malicious LNK Files

The threat actor known as Patchwork has been attributed to a new spear-phishing campaign targeting Turkish defense contractors with the goal of gathering strategic intelligence. "The campaign employs a five-stage execution chain delivered via malicious LNK files disguised as conference invitations sent to targets interested in learning more about unmanned vehicle systems," Arctic Wolf Labs said

Bloomberg Comdb2 null pointer dereference and denial-of-service vulnerabilities

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed five vulnerabilities in Bloomberg Comdb2.   Comdb2 is an open source, high-availability database developed by Bloomberg. It supports features such as clustering, transactions, snapshots, and isolation. The implementation of the database utilizes optimistic locking for concurrent operation. The vulnerabilities