BeyondTrust warns of pre-auth RCE in Remote Support software
BeyondTrust has released security updates to fix a high-severity flaw in its Remote Support (RS) and Privileged Remote Access (PRA) solutions that can let unauthenticated attackers gain remote code execution on vulnerable servers.
New Linux udisks flaw lets attackers get root on major Linux distros
Attackers can exploit two newly discovered local privilege escalation (LPE) vulnerabilities to gain root privileges on systems running major Linux distributions.
Asana warns MCP AI feature exposed customer data to other orgs
Work management platform Asana is warning users of its new Model Context Protocol (MCP) feature that a flaw in its implementation potentially led to data exposure from their instances to other users and vice versa.
MY TAKE: Microsoft owns AI jailbreak risk - Google, Meta, Amazon, OpenAI look the other way
Last week at Microsoft Build, Azure CTO Mark Russinovich made headlines by telling the truth. In a rare moment of public candor from a Big Tech executive, Russinovich warned that current AI architectures, particularly autoregressive transformers, have structural limitations we won't engineer our way past. And more than that, he acknowledged
Scattered Spider hackers targeting insurance industry following retail hits, Google warns
Security analysts at Google's Threat Intelligence Group published a warning this week to insurance companies, writing that it is "now aware of multiple intrusions in the US which bear all the hallmarks of Scattered Spider activity."
Pro-Cambodian hacktivists launch attacks on Thai government sites amid border dispute
The AnonsecKh group, which goes by Bl4ckCyb3r on Telegram, claimed at least 73 attacks on Thai organizations in the two weeks following a May 28 incident in which a Cambodian soldier was killed in a skirmish with Thai forces.
Instagram 'BMO' ads use AI deepfakes to scam banking customers
Instagram ads impersonating financial institutions like Bank of Montreal (BMO) and EQ Bank (Equitable Bank) are being used to target Canadian consumers with phishing scams and investment fraud.
Some ads use AI-powered deepfake videos in an attempt to collect your personal information, while others drive traffic to phishing pages.
Cyber experts call for supercharging volunteer network to protect community organizations | CyberScoop
To defend "target rich, resource poor" critical infrastructure from cyberattacks, the U.S. must expand its patchwork volunteer system, a new report concludes.
New Veeam RCE flaw lets domain users hack backup servers
Veeam has released security updates today to fix several Veeam Backup & Replication (VBR) flaws, including a critical remote code execution (RCE) vulnerability.
UK fines 23andMe for 'profoundly damaging' breach exposing genetics data
The UK Information Commissioner's Office (ICO) has fined genetic testing provider 23andMe £2.31 million ($3.12 million) over 'serious security failings' that led to a 'profoundly damaging' data breach in 2023.
Sitecore CMS exploit chain starts with hardcoded 'b' password
A chain of Sitecore Experience Platform (XP) vulnerabilities allows attackers to perform remote code execution (RCE) without authentication to breach and hijack servers.