#web

OpenAI’s newest model is “a data hoover on steroids,” says one expert—but there are still ways to use it while minimizing risk.

Microsoft partners with the global security researcher community to surface and report security vulnerabilities to protect all users of Microsoft products and services. Researcher submissions help us address immediate threats while also identifying trends and insights to holistically improve the security of our products and services. We’re always looking for ways to build upon this partnership, and with that goal in mind, we are excited to announce the creation of the MSRC Researcher Resource Center.

According to the study, around 400 stolen GenAI credentials are being sold by threat actors per day.

With sufficient privileges in Active Directory, attackers only have to create an "ESX Admins" group in the targeted domain and add a user to it.

Only trust official sources they say, but what happens when a Google vetted ad is for a Google product?

### Summary Navigating to `/admin/index/statistics` with a **logged in Pimcore user** (not an XmlHttpRequest because of this check: [IndexController:125](https://github.com/pimcore/admin-ui-classic-bundle/blob/1.x/src/Controller/Admin/IndexController.php#L125C24-L125C40)) exposes information about the Pimcore installation, PHP version, MYSQL version, installed bundles and all database tables and their row count in the system. > The web server should not return any product and version information of the components used. The table names and row counts should not be exposed. ### Details `/admin/index/statistics` returns the following JSON-response: ``` { { "instanceId": "...", "pimcore_major_version": 11, "pimcore_version": "v11.3.1", "pimcore_hash": "3ecd39f21dbdd25ffdf4bec6e2c860eccfd3d008", "pimcore_platform_version": "v2024.2", "php_version": "8.3.8", "mysql_version": "10.11.8-MariaDB-ubu2204", "bundles": [ //...

This year’s Intelligence Authorization Act would mandate penetration testing for federally certified voting machines and allow independent researchers to work on exposing vulnerabilities.

The incident serves as a stark reminder of the fragility of our digital infrastructure. By adopting a diversified, resilient approach to cybersecurity, we can mitigate the risks and build a more secure digital future.

Ubuntu Security Notice 6924-2 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

Ubuntu Security Notice 6923-2 - Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde discovered that an untrusted hypervisor could inject malicious #VC interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw is known as WeSee. A local attacker in control of the hypervisor could use this to expose sensitive information or possibly execute arbitrary code in the trusted execution environment. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.