Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

Can AI & the Cyber Trust Mark Rebuild Endpoint Confidence?

The Cyber Trust Mark has the potential to change how we define and measure security at the endpoint level. But potential isn't enough.

DARKReading
Open in Source
#vulnerability#ios#git#auth#ibm
Top 5 AI-Powered Social Engineering Attacks

Social engineering has long been an effective tactic because of how it focuses on human vulnerabilities. There’s no brute-force ‘spray and pray’ password guessing. No scouring systems for unpatched software. Instead, it simply relies on manipulating emotions such as trust, fear, and respect for authority, usually with the goal of gaining access to sensitive information or protected systems.

Italy Bans Chinese DeepSeek AI Over Data Privacy and Ethical Concerns

Italy's data protection watchdog has blocked Chinese artificial intelligence (AI) firm DeepSeek's service within the country, citing a lack of information on its use of users' personal data. The development comes days after the authority, the Garante, sent a series of questions to DeepSeek, asking about its data handling practices and where it obtained its training data. In particular, it wanted

DeepSeek AI Leaks Over a Million Chat Logs and Sensitive Data Online

DeepSeek, a Chinese AI startup, exposed sensitive data by leaving a database open. Wiz Research found chat logs, keys, and backend details accessible.

Infrastructure Laundering: Blending in with the Cloud

In an effort to blend in and make their malicious traffic tougher to block, hosting firms catering to cybercriminals in China and Russia increasingly are funneling their operations through major U.S. cloud providers. Research published this week on one such outfit -- a sprawling network tied to Chinese organized crime gangs and aptly named "Funnull" -- highlights a persistent whac-a-mole problem facing cloud services.

Doppler announces integration with Datadog to streamline security and monitoring

San Francisco, United States / California, 30th January 2025, CyberNewsWire

New Jailbreaks Allow Users to Manipulate GitHub Copilot

Whether by intercepting its traffic or just giving it a little nudge, GitHub's AI assistant can be made to do malicious things it isn't supposed to.

GHSA-mm49-4f2g-c3wf: DevDojo Voyager vulnerable to reflected Cross-site Scripting

DevDojo Voyager through version 1.8.0 is vulnerable to reflected XSS via /admin/compass. By manipulating an authenticated user to click on a link, arbitrary Javascript can be executed.

GHSA-j63m-2vr6-fv7m: DevDojo Voyager vulnerable to path traversal

DevDojo Voyager through 1.8.0 is vulnerable to path traversal at the /admin/compass.

GHSA-fcrw-mphx-7cxf: Wildfly Server Role Based Access Control (RBAC) provider has Improper Access Control

A flaw was found in the Wildfly Server Role Based Access Control (RBAC) provider. When authorization to control management operations is secured using the Role Based Access Control provider, a user without the required privileges can suspend or resume the server. A user with a Monitor or Auditor role is supposed to have only read access permissions and should not be able to suspend the server. The vulnerability is caused by the Suspend and Resume handlers not performing authorization checks to validate whether the current user has the required permissions to proceed with the action.