Triada strikes back
Kaspersky expert has discovered a new version of the Triada Trojan, with custom modules for Telegram, WhatsApp, TikTok, and other apps. Continue reading Triada strikes back
Intel Says Employees Must Return To the Office 4 Days a Week
New Intel CEO Lip-Bu Tan has mandated that employees return to the office four days a week starting September 1 to boost collaboration and decision-making. Tan also signaled upcoming job cuts and organizational changes, including a flatter management s… Continue reading Intel Says Employees Must Return To the Office 4 Days a Week
SAP Zero-Day Possibly Exploited by Initial Access Broker
A zero-day vulnerability in SAP NetWeaver potentially affects more than 10,000 internet-facing applications.
The post SAP Zero-Day Possibly Exploited by Initial Access Broker appeared first on SecurityWeek.
Continue reading SAP Zero-Day Possibly Exploited by Initial Access Broker
All Major Gen-AI Models Vulnerable to ‘Policy Puppetry’ Prompt Injection Attack
A new attack technique named Policy Puppetry can break the protections of major gen-AI models to produce harmful outputs.
The post All Major Gen-AI Models Vulnerable to ‘Policy Puppetry’ Prompt Injection Attack appeared first on SecurityWeek.
Continue reading All Major Gen-AI Models Vulnerable to ‘Policy Puppetry’ Prompt Injection Attack
Researchers Identify Rack::Static Vulnerability Enabling Data Breaches in Ruby Servers
Cybersecurity researchers have disclosed three security flaws in the Rack Ruby web server interface that, if successfully exploited, could enable attackers to gain unauthorized access to files, inject malicious data, and tamper with logs under certain … Continue reading Researchers Identify Rack::Static Vulnerability Enabling Data Breaches in Ruby Servers
DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks
Cybersecurity researchers are warning about a new malware called DslogdRAT that’s installed following the exploitation of a now-patched security flaw in Ivanti Connect Secure (ICS).
The malware, along with a web shell, were “installed by exploiting a z… Continue reading DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks
Detectify Asset Classification and Scan Recommendations improves vulnerability testing
Detectify announced new Asset Classification and Scan Recommendations capabilities. This innovation directly addresses a critical challenge for security teams: knowing what else, beyond their core applications, requires in-depth testing. The new featur… Continue reading Detectify Asset Classification and Scan Recommendations improves vulnerability testing
Anthropic finds alarming ’emerging trends’ in Claude misuse report
Claude was used to create advanced malware and push paid political agendas on social media. Continue reading Anthropic finds alarming ’emerging trends’ in Claude misuse report
Rubrik Identity Resilience protects vulnerable authentication infrastructure
Rubrik announced its upcoming solution, Identity Resilience, designed to secure the entire identity landscape alongside data. Identity Resilience aims to protect the most common entry points for attackers – human and non-human identities (NHIs) – to he… Continue reading Rubrik Identity Resilience protects vulnerable authentication infrastructure
Why the road from passwords to passkeys is long, bumpy, and worth it – probably
The passkey standard has reached a precarious moment. Let’s not blow it, OK? Continue reading Why the road from passwords to passkeys is long, bumpy, and worth it – probably