FuzzingLabs has accused the YCombinator-backed startup, Gecko Security, of replicating its vulnerability disclosures. Gecko allegedly filed for 2 CVEs based on FuzzingLabs’ reports without crediting them. Gecko denies any wrongdoing, calling the allegations a misunderstanding over disclosure process. […] Go to Source Author: Ax Sharma
Category Archives: Security
AI assistants are no longer just helping — they’re acting. Autonomous agents now open tickets, fix incidents, and make decisions faster than humans can monitor. As “Shadow AI” spreads, learn from Token Security why orgs must govern these agents like powerful new identities before oversight disappears. […] Go to Source Author: Sponsored by Token Security
Around 200,000 Linux computer systems from American computer maker Framework were shipped with signed UEFI shell components that could be exploited to bypass Secure Boot protections. […] Go to Source Author: Bill Toulas
Chinese state hackers remained undetected in a target environment for more than a year by turning a component in the ArcGIS geo-mapping tool into a web shell. […] Go to Source Author: Bill Toulas
Microsoft is restricting access to Internet Explorer mode in Edge browser after learning that hackers are leveraging zero-day exploits in the Chakra JavaScript engine for access to target devices. […] Go to Source Author: Bill Toulas
U.S. medical imaging provider SimonMed Imaging is notifying more than 1.2 million individuals of a data breach that exposed their sensitive information. […] Go to Source Author: Bill Toulas
A large-scale botnet is targeting Remote Desktop Protocol (RDP) services in the United States from more than 100,000 IP addresses. […] Go to Source Author: Bill Toulas
Researchers warn that threat actors have compromised more than a hundred SonicWall SSLVPN accounts in a large-scale campaign using stolen, valid credentials. […] Go to Source Author: Bill Toulas
Oracle has issued an emergency security update over the weekend to patch another E-Business Suite (EBS) vulnerability that can be exploited remotely by unauthenticated attackers. […] Go to Source Author: Sergiu Gatlan
AI-generated phishing and social engineering attacks outpace traditional email defenses. Varonis’ new Interceptor platform uses multimodal AI — vision, language, and behavior models — to detect zero-hour attacks and stop them before they reach users. […] Go to Source Author: Sponsored by Varonis