Hacking ChatGPT by Planting False Memories into Its Data

This vulnerability abuses a feature that gives ChatGPT long-term memory, in which it uses information from past conversations to inform future conversations with the same user. A researcher found that he could use that feature to plant “false memories” into that context window that could subvert the model.

A month later, the researcher submitted a new disclosure statement. This time, he included a PoC that caused the ChatGPT app for macOS to send a verbatim copy of all user input and ChatGPT output to a server of his choice. All a target needed to do was instruct the LLM to view a web link that hosted a malicious image. From then on, all input and output to and from ChatGPT was sent to the attacker’s website…


Highly Anticipated Linux Flaw Allows Remote Code Execution, but Less Serious Than Expected

A researcher has disclosed the details of an unpatched vulnerability that was expected to pose a serious threat to many Linux systems.
The post Highly Anticipated Linux Flaw Allows Remote Code Execution, but Less Serious Than Expected appeared first on…

Critical Nvidia Container Flaw Exposes Cloud AI Systems to Host Takeover

Nvidia confirms risk of code execution, denial of service, escalation of privileges, information disclosure, and data tampering. CVSS 9/10.
The post Critical Nvidia Container Flaw Exposes Cloud AI Systems to Host Takeover appeared first on SecurityWeek.

Automatic tank gauge vendors alerted of software vulnerabilities in their products

If exploited, the vulnerabilities could give hackers full administrative access to critical networks found in the management systems for large fuel storage.

The post Automatic tank gauge vendors alerted of software vulnerabilities in their products appeared first on CyberScoop.


ESET Patches Privilege Escalation Vulnerabilities in Windows, macOS Products

ESET has released patches for two local privilege escalation vulnerabilities in security products for Windows and macOS.
The post ESET Patches Privilege Escalation Vulnerabilities in Windows, macOS Products appeared first on SecurityWeek.