Vulnerabilities
-
Louis Vuitton Investigates Data Breach Affecting UK Customers Amid Ongoing Cybersecurity Concerns
Luxury fashion house Louis Vuitton is investigating a data breach that has exposed customer information tied to its UK operations. This breach is the third linked to LVMH brands in recent months, raising concerns about security practices across the luxury retail sector.
-
Major Security Flaw in Train Brake Systems Exposes US Rail Network to Risks
A critical security vulnerability in the US freight rail system, reported by researcher Neil Smith, has raised alarms about the potential for malicious actors to control train braking systems remotely, with no immediate solution in sight.
-
Serious eSIM Vulnerability Exposed in Kigen’s Technology Poses Major Risks to Users
Cybersecurity researchers have uncovered a concerning vulnerability in Kigen’s eSIM technology that may expose users to significant security risks, as noted by Security Explorations, which was awarded a $30,000 bounty for its findings.
-
Security Flaw in Google’s Gemini Could Facilitate Phishing Attacks
A newly discovered security flaw in Google’s Gemini for Workspace may enable phishing attacks through deceptive email summaries. Researchers warn that invisible directives can be injected into emails, leading Gemini to generate misleading content. While Google is reinforcing its defenses, users are advised to remain cautious.
-
Critical SQL Injection Vulnerability Uncovered in Fortinet FortiWeb
Cybersecurity researchers have uncovered a critical SQL injection vulnerability in Fortinet’s FortiWeb Fabric Connector, allowing unauthenticated remote code execution. Organizations are urged to update their systems immediately to mitigate the risk of full system compromise.
-
Security Flaw Exposes Hundreds of Laravel Applications to Remote Code Execution
A vulnerability affecting over 600 Laravel applications has been discovered, allowing the exploitation of leaked APP_KEYs to gain remote code execution capabilities. Cybersecurity experts emphasize the importance of immediate key rotation and continuous monitoring to prevent such security breaches.
-
DoNot APT Group Launches Cyber Espionage Attack on European Foreign Affairs Ministry
The DoNot APT group has launched a sophisticated cyber espionage attack on a European foreign affairs ministry, marking a significant expansion beyond its traditional focus on South Asia, according to researchers at Trellix.
-
NVIDIA Alerts Users on Rowhammer Vulnerability Affecting GDDR6 GPUs
NVIDIA is warning users to enable System Level ECC to mitigate the risk of Rowhammer attacks on GPUs with GDDR6 memory, following recent research demonstrating the vulnerability on the A6000 model.
-
Security Flaw in McDonald’s AI Hiring Tool Exposes Personal Data of 64 Million Job Seekers
A security flaw in McDonald’s AI hiring tool, McHire, has led to the exposure of personal data for over 64 million job seekers. Researchers discovered that default credentials and an Insecure Direct Object Reference vulnerability allowed unauthorized access to sensitive information.
-
Nippon Steel Solutions Reports Data Breach Amid Cybersecurity Investigation
Nippon Steel Solutions has reported a data breach following a zero-day vulnerability exploitation, impacting customer and employee data. The company is investigating the incident while implementing stricter security measures.
