The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added three security flaws impacting Citrix Session Recording and Git to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The list of vulnerabilities is as follows – CVE-2024-8068 (CVSS score: 5.1) – An improper privilege management vulnerability in Citrix Session Recording […]
Author Archives: Onsite Computing, Inc.
Internet intelligence firm GreyNoise reports that it has recorded a significant spike in scanning activity consisting of nearly 1,971 IP addresses probing Microsoft Remote Desktop Web Access and RDP Web Client authentication portals in unison, suggesting a coordinated reconnaissance campaign. […] Go to Source Author: Lawrence Abrams
Researchers have developed a novel attack that steals user data by injecting malicious prompts in images processed by AI systems before delivering them to a large language model. […] Go to Source Author: Bill Toulas
Lab-Dookhtegen claims major attack on more than 60 cargo ships and oil tankers belonging to two Iranian companies on US sanctions list. Go to Source Author: Jai Vijayan, Contributing Writer
The chairman sent letters out to companies like Apple, Meta, and Microsoft, advising them not to adhere to the demands of foreign governments to weaken their encryption. Go to Source Author: Kristina Beek
Because instructions appear to come from AI-generated content summaries and not an external source, the victim is more likely to follow them without suspicion. Go to Source Author: Alexander Culafi
U.S. insurance giant Farmers Insurance has disclosed a data breach impacting 1.1 million customers, with BleepingComputer learning that the data was stolen in the widespread Salesforce attacks. […] Go to Source Author: Lawrence Abrams
French retailer Auchan is informing that some sensitive data associated with loyalty accounts of several hundred thousand of its customers was exposed in a cyberattack. […] Go to Source Author: Bill Toulas
A China-nexus threat actor known as UNC6384 has been attributed to a set of attacks targeting diplomats in Southeast Asia and other entities across the globe to advance Beijing’s strategic interests. “This multi-stage attack chain leverages advanced social engineering including valid code signing certificates, an adversary-in-the-middle (AitM) attack, and indirect execution techniques to evade Go […]
Docker has released fixes to address a critical security flaw affecting the Docker Desktop app for Windows and macOS that could potentially allow an attacker to break out of the confines of a container. The vulnerability, tracked as CVE-2025-9074, carries a CVSS score of 9.3 out of 10.0. It has been addressed in version 4.44.3. […]