Security
Headlines
HeadlinesLatestCVEs

Latest News

Data broker protection rule quietly withdrawn by CFPB

The CFPB has decided to withdraw a 2024 rule that was aimed at limiting the sale of Americans’ personal information by data brokers.

Malwarebytes
#git#auth
New HTTPBot Botnet Launches 200+ Precision DDoS Attacks on Gaming and Tech Sectors

Cybersecurity researchers are calling attention to a new botnet malware called HTTPBot that has been used to primarily single out the gaming industry, as well as technology companies and educational institutions in China. "Over the past few months, it has expanded aggressively, continuously leveraging infected devices to launch external attacks," NSFOCUS said in a report published this week. "By

Meta sent cease and desist letter over AI training

A privacy advocacy group has clapped back at Meta over its plans to start training its AI model on European users' data.

Hackers Now Targeting US Retailers After UK Attacks, Google

Hackers from the Scattered Spider group, known for UK retail attacks, are now targeting US retailers, Google cybersecurity…

Top 10 Best Practices for Effective Data Protection

Data is the lifeblood of productivity, and protecting sensitive data is more critical than ever. With cyber threats evolving rapidly and data privacy regulations tightening, organizations must stay vigilant and proactive to safeguard their most valuable assets. But how do you build an effective data protection framework? In this article, we'll explore data protection best practices from meeting

GHSA-wrh5-cmwx-q2qr: Ollama Server Vulnerable to Denial of Service (DoS) Attack

A vulnerability in the Ollama server version 0.5.11 allows a malicious user to cause a Denial of Service (DoS) attack by customizing the manifest content and spoofing a service. This is due to improper validation of array index access when downloading a model via the /api/pull endpoint, which can lead to a server crash.

Researchers Expose New Intel CPU Flaws Enabling Memory Leaks and Spectre v2 Attacks

Researchers at ETH Zürich have discovered yet another security flaw that they say impacts all modern Intel CPUs and causes them to leak sensitive data from memory, showing that the vulnerability known as Spectre continues to haunt computer systems after more than seven years. The vulnerability, referred to as Branch Privilege Injection (BPI), "can be exploited to misuse the prediction

Fileless Remcos RAT Delivered via LNK Files and MSHTA in PowerShell-Based Attacks

Cybersecurity researchers have shed light on a new malware campaign that makes use of a PowerShell-based shellcode loader to deploy a remote access trojan called Remcos RAT. "Threat actors delivered malicious LNK files embedded within ZIP archives, often disguised as Office documents," Qualys security researcher Akshay Thorve said in a technical report. "The attack chain leverages mshta.exe for

[Webinar] From Code to Cloud to SOC: Learn a Smarter Way to Defend Modern Applications

Modern apps move fast—faster than most security teams can keep up. As businesses rush to build in the cloud, security often lags behind. Teams scan code in isolation, react late to cloud threats, and monitor SOC alerts only after damage is done. Attackers don’t wait. They exploit vulnerabilities within hours. Yet most organizations take days to respond to critical cloud alerts. That delay isn’t

GHSA-7cfr-5cjf-32p4: lockfile-lint-api Vulnerable to Incorrect Behavior Order

Versions of the package lockfile-lint-api before 5.9.2 are vulnerable to Incorrect Behavior Order: Early Validation via the resolved attribute of the package URL validation which can be bypassed by extending the package name allowing an attacker to install other npm packages than the intended one.