Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

Critical Flaws in Ollama AI Framework Could Enable DoS, Model Theft, and Poisoning

Cybersecurity researchers have disclosed six security flaws in the Ollama artificial intelligence (AI) framework that could be exploited by a malicious actor to perform various actions, including denial-of-service, model poisoning, and model theft. "Collectively, the vulnerabilities could allow an attacker to carry out a wide-range of malicious actions with a single HTTP request, including

The Hacker News
Open in Source
#vulnerability#web#mac#windows#linux#dos#git#intel#rce#auth#docker#The Hacker News
Scammers Use DocuSign API to Evade Spam Filters with Phishing Invoices

Scammers are exploiting DocuSign’s APIs to send realistic fake invoices, primarily targeting security software like Norton. This phishing…

Cyber Threats That Could Impact the Retail Industry This Holiday Season (and What to Do About It)

As the holiday season approaches, retail businesses are gearing up for their annual surge in online (and in-store) traffic. Unfortunately, this increase in activity also attracts cybercriminals looking to exploit vulnerabilities for their gain.  Imperva, a Thales company, recently published its annual holiday shopping cybersecurity guide. Data from the Imperva Threat Research team’s

Inside the Massive Crime Industry That’s Hacking Billion-Dollar Companies

When you download a piece of pirated software, you might also be getting a piece of infostealer malware, and entering a highly complex hacking ecosystem that’s fueling some of the biggest breaches on the planet.

NAKIVO Backup for MSP: Best Backup Solution for MSPs

Explore the features of the NAKIVO MSP backup solution. Choose the best MSP backup software to protect client…

Florida Man Accused of Hacking Disney World Menus, Changing Font to Wingdings

Plus: Cops take down a notorious infostealer, Strava leaks world leaders’ locations, and a hacking scandal is causing chaos in Italy.

Booking.com Phishers May Leave You With Reservations

A number of cybercriminal innovations are making it easier for scammers to cash in on your upcoming travel plans. This story examines a recent spear-phishing campaign that ensued when a California hotel had its booking.com credentials stolen. We'll also explore an array of cybercrime services aimed at phishers who target hotels that rely on the world's most visited travel website.

Azure AI Vulnerabilities Allowed Attacks to Bypass Moderation Safeguards

Mindgard researchers uncovered critical vulnerabilities in Microsoft’s Azure AI Content Safety service, allowing attackers to bypass its safeguards…

IT Security Centralization Makes the Use of Industrial Spies More Profitable

As organizations centralize IT security, the risk of espionage is silently becoming a more profitable threat.

Ping Identity PingIDM 7.5.0 Query Filter Injection

Ping Identity PingIDM versions 7.0.0 through 7.5.0 enabled an attacker with read access to the User collection, to abuse API query filters in order to obtain managed and/or internal user's passwords in either plaintext or encrypted variants, based on configuration. The API clearly prevents the password in either plaintext or encrypted to be retrieved by any other means, as this field is set as protected under the User object. However, by injecting a malicious query filter, using password as the field to be filtered, an attacker can perform a blind brute-force on any victim's user password details (encrypted object or plaintext string).