Cybercrime
-
Security Flaw in Google’s Gemini Could Facilitate Phishing Attacks
A newly discovered security flaw in Google’s Gemini for Workspace may enable phishing attacks through deceptive email summaries. Researchers warn that invisible directives can be injected into emails, leading Gemini to generate misleading content. While Google is reinforcing its defenses, users are advised to remain cautious.
-
Critical SQL Injection Vulnerability Uncovered in Fortinet FortiWeb
Cybersecurity researchers have uncovered a critical SQL injection vulnerability in Fortinet’s FortiWeb Fabric Connector, allowing unauthenticated remote code execution. Organizations are urged to update their systems immediately to mitigate the risk of full system compromise.
-
Security Flaw Exposes Hundreds of Laravel Applications to Remote Code Execution
A vulnerability affecting over 600 Laravel applications has been discovered, allowing the exploitation of leaked APP_KEYs to gain remote code execution capabilities. Cybersecurity experts emphasize the importance of immediate key rotation and continuous monitoring to prevent such security breaches.
-
DoNot APT Group Launches Cyber Espionage Attack on European Foreign Affairs Ministry
The DoNot APT group has launched a sophisticated cyber espionage attack on a European foreign affairs ministry, marking a significant expansion beyond its traditional focus on South Asia, according to researchers at Trellix.
-
NVIDIA Alerts Users on Rowhammer Vulnerability Affecting GDDR6 GPUs
NVIDIA is warning users to enable System Level ECC to mitigate the risk of Rowhammer attacks on GPUs with GDDR6 memory, following recent research demonstrating the vulnerability on the A6000 model.
-
Paddy Power and Betfair Confirm Data Breach Affecting 800,000 Customers
Paddy Power and Betfair have confirmed a data breach affecting up to 800,000 customers, with information such as usernames and email addresses compromised. The companies assure that sensitive payment details remain secure, although partial payment data may be at risk.
-
Nippon Steel Solutions Reports Data Breach Amid Cybersecurity Investigation
Nippon Steel Solutions has reported a data breach following a zero-day vulnerability exploitation, impacting customer and employee data. The company is investigating the incident while implementing stricter security measures.
-
Major Security Flaw Exposes Billions of eSIM Devices to Spy Attacks
A new study reveals critical vulnerabilities in eSIM technology, affecting billions of devices worldwide. Security expert Adam Gowdiak warns that these flaws could allow attackers to spy on users and manipulate services, raising concerns over the potential for espionage and unauthorized access to sensitive information.
-
Critical Remote Code Execution Vulnerability Discovered in mcp-remote Project
A critical vulnerability in the mcp-remote project could allow hackers to execute arbitrary operating system commands, prompting updates and stronger security practices for users.
-
Vulnerabilities in Bluetooth Technology Threaten Major Automakers
Recent vulnerabilities discovered in the BlueSDK Bluetooth stack pose critical security risks for major automakers, with potential for remote code execution and unauthorized access to vehicle systems.
