Security
Headlines
HeadlinesLatestCVEs

Latest News

GHSA-vv2h-2w3q-3fx7: PandasAI interactive prompt function Remote Code Execution (RCE)

PandasAI uses an interactive prompt function that is vulnerable to prompt injection and run arbitrary Python code that can lead to Remote Code Execution (RCE) instead of the intended explanation of the natural language processing by the LLM. The security controls of PandasAI (2.4.3 and earlier) fail to distinguish between legitimate and malicious inputs, allowing the attackers to manipulate the system into executing untrusted code, leading to untrusted code execution (RCE), system compromise, or pivoting attacks on connected services.

ghsa
Open in Source
#git#rce
Google Confirms Android SafetyCore Enables AI-Powered On-Device Content Classification

Google has stepped in to clarify that a newly introduced Android System SafetyCore app does not perform any client-side scanning of content. "Android provides many on-device protections that safeguard users against threats like malware, messaging spam and abuse protections, and phone scam protections, while preserving user privacy and keeping users in control of their data," a spokesperson for

Salt Typhoon's Impact on the US & Beyond

Salt Typhoon underscores the urgent need for organizations to rapidly adopt modern security practices to meet evolving threats.

DeepSeek AI Fails Multiple Security Tests, Raising Red Flag for Businesses

The popular generative AI (GenAI) model allows hallucinations, easily avoidable guardrails, susceptibility to jailbreaking and malware creation requests, and more at critically high rates, researchers find.

Apple fixes zero-day vulnerability used in “extremely sophisticated attack”

Apple has released an out-of-band security update for a vulnerability which it says may have been exploited in an "extremely sophisticated attack against specific targeted individuals.”

Phishing evolves beyond email to become latest Android app threat

Android phishing apps are the latest, critical threat for Android users, putting their passwords in danger of new, sneaky tricks of theft.

Apple ordered to grant access to users’ encrypted data

The UK has demanded Apple provides it with a worldwide backdoor into iCloud backups. Privacy organizations are furious.

4 Ways to Keep MFA From Becoming too Much of a Good Thing

Multi-factor authentication (MFA) has quickly become the standard for securing business accounts. Once a niche security measure, adoption is on the rise across industries. But while it’s undeniably effective at keeping bad actors out, the implementation of MFA solutions can be a tangled mess of competing designs and ideas. For businesses and employees, the reality is that MFA sometimes feels

SystemBC RAT Now Targets Linux, Spreading Ransomware and Infostealers

SystemBC RAT now targets Linux, enabling ransomware gangs like Ryuk & Conti to spread, evade detection, and maintain encrypted C2 traffic for stealthy cyberattacks.

Progress Software Patches High-Severity LoadMaster Flaws Affecting Multiple Versions

Progress Software has addressed multiple high-severity security flaws in its LoadMaster software that could be exploited by malicious actors to execute arbitrary system commands or download any file from the system. Kemp LoadMaster is a high-performance application delivery controller (ADC) and load balancer that provides availability, scalability, performance, and security for business-critical