Even after a fix was issued, lingering prompt injection risks in GitLab’s AI assistant might allow attackers to indirectly deliver developers malware, dirty links, and more. Author: Nate Nelson, Contributing Writer
Author Archives: Onsite Computing, Inc.
Critical vulnerabilities in Versa Concerto that are still unpatched could allow remote attackers to bypass authentication and execute arbitrary code on affected systems. […] Author: Bill Toulas
A sprawling operation undertaken by global law enforcement agencies and a consortium of private sector firms has disrupted the online infrastructure associated with a commodity information stealer known as Lumma (aka LummaC or LummaC2), seizing 2,300 domains that acted as the command-and-control (C2) backbone to commandeer infected Windows systems. “Malware like LummaC2 is deployed to […]
Anthropic is secretly working on two new models called Claude Sonnet 4 and Opus 4, which are believed to be the company’s most advanced AI models. […] Author: Mayank Parmar
ChatGPT’s Operator, which is still in research preview, will soon become a “very useful tool,” according to Jerry Tworek, VP of Research at OpenAI. […] Author: Mayank Parmar
A critical Samlify authentication bypass vulnerability has been discovered that allows attackers to impersonate admin users by injecting unsigned malicious assertions into legitimately signed SAML responses. […] Author: Bill Toulas
The FBI and partners have disrupted “the world’s most popular malware,” a sleek enterprise with thousands of moving parts, responsible for millions of cyberattacks in every part of the world. Author: Tara Seals
Wiz researchers found an opportunistic threat actor has been targeting vulnerable edge devices, including Ivanti VPNs and Palo Alto firewalls. Author: Rob Wright
A Russian state-sponsored cyberespionage campaign attributed to APT28 (Fancy Bear/Forest Blizzard) hackers has been targeting and compromising international organizations since 2022 to disrupt aid efforts to Ukraine. […] Author: Ionut Ilascu
The company expects it will continue to struggle with online disruptions until at least July, due to the attack. Author: Kristina Beek, Associate Editor, Dark Reading
