Critical Vulnerabilities in Judge0 Lead to Sandbox Escape, Host Takeover

Three vulnerabilities in the Judge0 open source service could allow attackers to escape the sandbox and obtain root privileges on the host.
The post Critical Vulnerabilities in Judge0 Lead to Sandbox Escape, Host Takeover appeared first on SecurityWeek.

CISA Rolls Out New Guidelines to Mitigate AI Risks to US Critical Infrastructure

New CISA guidelines categorize AI risks into three significant types and push a four-part mitigation strategy.
The post CISA Rolls Out New Guidelines to Mitigate AI Risks to US Critical Infrastructure appeared first on SecurityWeek.

Google Says it Blocked 2.28 Million Apps from Google Play Store

In 2023, Google said it blocked 2.28 million bad applications from being published on Google Play and banned 333,000 developer accounts.
The post Google Says it Blocked 2.28 Million Apps from Google Play Store appeared first on SecurityWeek.

Kaiser Permanente Data Breach Impacts 13.4 Million Patients

US healthcare giant is warning millions of current and former patients that their personal information was exposed to third-party advertisers.
The post Kaiser Permanente Data Breach Impacts 13.4 Million Patients appeared first on SecurityWeek.

Powerful ‘Brokewell’ Android Trojan Allows Attackers to Takeover Devices

A new Android trojan named Brokewell can steal users’ sensitive information and allows attackers to take over devices.
The post Powerful ‘Brokewell’ Android Trojan Allows Attackers to Takeover Devices appeared first on SecurityWeek.

Russian Cyberspies Deliver ‘GooseEgg’ Malware to Government Organizations 

Russia-linked APT28 deploys the GooseEgg post-exploitation tool against numerous US and European organizations.
The post Russian Cyberspies Deliver ‘GooseEgg’ Malware to Government Organizations appeared first on SecurityWeek.