News
-
Major Security Flaw in Train Brake Systems Exposes US Rail Network to Risks
A critical security vulnerability in the US freight rail system, reported by researcher Neil Smith, has raised alarms about the potential for malicious actors to control train braking systems remotely, with no immediate solution in sight.
-
Denmark Proposes Landmark Copyright Amendment to Combat Deepfake Technology
Denmark is set to propose a groundbreaking amendment to its copyright laws allowing individuals to claim ownership of their likeness as a means to combat the growing threat of deepfake technology. The legislation aims to empower citizens to have unauthorized digital reproductions of their image and voice removed from online platforms.
-
Serious eSIM Vulnerability Exposed in Kigen’s Technology Poses Major Risks to Users
Cybersecurity researchers have uncovered a concerning vulnerability in Kigen’s eSIM technology that may expose users to significant security risks, as noted by Security Explorations, which was awarded a $30,000 bounty for its findings.
-
Security Flaw in Google’s Gemini Could Facilitate Phishing Attacks
A newly discovered security flaw in Google’s Gemini for Workspace may enable phishing attacks through deceptive email summaries. Researchers warn that invisible directives can be injected into emails, leading Gemini to generate misleading content. While Google is reinforcing its defenses, users are advised to remain cautious.
-
Critical SQL Injection Vulnerability Uncovered in Fortinet FortiWeb
Cybersecurity researchers have uncovered a critical SQL injection vulnerability in Fortinet’s FortiWeb Fabric Connector, allowing unauthenticated remote code execution. Organizations are urged to update their systems immediately to mitigate the risk of full system compromise.
-
Security Flaw Exposes Hundreds of Laravel Applications to Remote Code Execution
A vulnerability affecting over 600 Laravel applications has been discovered, allowing the exploitation of leaked APP_KEYs to gain remote code execution capabilities. Cybersecurity experts emphasize the importance of immediate key rotation and continuous monitoring to prevent such security breaches.
-
DoNot APT Group Launches Cyber Espionage Attack on European Foreign Affairs Ministry
The DoNot APT group has launched a sophisticated cyber espionage attack on a European foreign affairs ministry, marking a significant expansion beyond its traditional focus on South Asia, according to researchers at Trellix.
-
NVIDIA Alerts Users on Rowhammer Vulnerability Affecting GDDR6 GPUs
NVIDIA is warning users to enable System Level ECC to mitigate the risk of Rowhammer attacks on GPUs with GDDR6 memory, following recent research demonstrating the vulnerability on the A6000 model.
-
Paddy Power and Betfair Confirm Data Breach Affecting 800,000 Customers
Paddy Power and Betfair have confirmed a data breach affecting up to 800,000 customers, with information such as usernames and email addresses compromised. The companies assure that sensitive payment details remain secure, although partial payment data may be at risk.
-
Security Flaw in McDonald’s AI Hiring Tool Exposes Personal Data of 64 Million Job Seekers
A security flaw in McDonald’s AI hiring tool, McHire, has led to the exposure of personal data for over 64 million job seekers. Researchers discovered that default credentials and an Insecure Direct Object Reference vulnerability allowed unauthorized access to sensitive information.
