OttoKit WordPress Plugin Admin Creation Vulnerability Under Active Exploitation
A newly disclosed high-severity security flaw impacting OttoKit (formerly SureTriggers) has come under active exploitation within a few hours of public disclosure.The vulnerability, tracked...
Incomplete Patch in NVIDIA Toolkit Leaves CVE-2024-0132 Open to Container Escapes
Cybersecurity researchers have detailed a case of an incomplete patch for a previously addressed security flaw impacting the NVIDIA Container Toolkit that, if successfully...
Malicious npm Package Targets Atomic Wallet, Exodus Users by Swapping Crypto Addresses
Threat actors are continuing to upload malicious packages to the npm registry so as to tamper with already-installed local versions of legitimate libraries to...
PlayPraetor Reloaded: CTM360 Uncovers a Play Masquerading Party
CTM360 has now identified a much larger extent of the ongoing Play Praetor campaign. What started with 6000+ URLs of a very specific banking...
The Identities Behind AI Agents: A Deep Dive Into AI & NHI
AI agents have rapidly evolved from experimental technology to essential business tools. The OWASP framework explicitly recognizes that Non-Human Identities play a key role...
Gamaredon Uses Infected Removable Drives to Breach Western Military Mission in Ukraine
The Russia-linked threat actor known as Gamaredon (aka Shuckworm) has been attributed to a cyber attack targeting a foreign military mission based in Ukraine...
Europol Arrests Five SmokeLoader Clients Linked by Seized Database Evidence
Law enforcement authorities have announced that they tracked down the customers of the SmokeLoader malware and detained at least five individuals."In a coordinated series...
AkiraBot Targets 420,000 Sites with OpenAI-Generated Spam, Bypassing CAPTCHA Protections
Cybersecurity researchers have disclosed details of an artificial intelligence (AI) powered platform called AkiraBot that's used to spam website chats, comment sections, and contact...
Lovable AI Found Most Vulnerable to VibeScamming — Enabling Anyone to Build Live Scam...
Lovable, a generative artificial intelligence (AI) powered platform that allows for creating full-stack web applications using text-based prompts, has been found to be the...
New TCESB Malware Found in Active Attacks Exploiting ESET Security Scanner
A Chinese-affiliated threat actor known for its cyber-attacks in Asia has been observed exploiting a security flaw in security software from ESET to deliver...
