Latest News
Cary, North Carolina, 26th January 2025, CyberNewsWire
A high-severity security flaw has been disclosed in Meta's Llama large language model (LLM) framework that, if successfully exploited, could allow an attacker to execute arbitrary code on the llama-stack inference server. The vulnerability, tracked as CVE-2024-50050, has been assigned a CVSS score of 6.3 out of 10.0. Supply chain security firm Snyk, on the other hand, has assigned it a
UnitedHealth Group has confirmed that a ransomware attack targeted its subsidiary, Change Healthcare, in February 2024, impacting 190…
Cybersecurity researchers discovered 270,000+ lines of American National Insurance customer data leaked online, potentially linked to the 2023…
The number of CISOs who report directly to the CEO is up sharply in recent years, but many still say it's not enough to secure adequate resources.
A departmentwide initiative has now led to five major law enforcement actions, in an attempt to curb the increasingly common trend of North Korean hackers posing as IT job applicants.
### Impact In CI contexts, the IG Publisher CLI uses git commands to determine the URL of the originating repo. If the repo was cloned, or otherwise set to use a repo that uses a username and credential based URL, the entire URL will be included in the built Implementation Guide, exposing username and credential. This does not impact users that clone public repos without credentials, such as those using the auto-ig-build continuous integration infrastructure. ### Patches This problem has been patched in release [1.8.9](https://github.com/HL7/fhir-ig-publisher/releases/tag/1.8.9) ### Workarounds Users should update to 1.8.9 or the latest release OR Users should ensure the IG repo they are publishing does not have username or credentials included in the `origin` URL. Running the command `git remote origin url` should return a URL that contains no username, password, or token. OR Users should run the IG Publisher CLI with the `-repo` parameter and specify a URL that contains no us...
The MITRE framework's applied exercise provides defenders with critical feedback about how to detect and defend against common, but sophisticated, attacks.
The bug has been given a 9.9 CVSS score, and could allow authenticated threat actors to escalate their privileges to admin-level if exploited.
Third-party API security requires a tailored approach for different scenarios. Learn how to adapt your security strategy to outbound data flows, inbound traffic, and SaaS-to-SaaS interconnections.