Cloud SecurityAre your GitHub Action artifacts leaking tokens?Laura FrenchAugust 13, 2024Palo Alto research found many open-source projects can be compromised through public artifacts.
AI/MLMicrosoft Azure AI assistants can be tricked to turn over patient dataShaun NicholsAugust 13, 2024Microsoft Azure chatbots charged with handling personal medical data could be tricked into handing over personal data for hundreds of customers.
Vulnerability ManagementMicrosoft patches 9 zero-days, 6 exploited in the wildSteve ZurierAugust 13, 2024In addition to Microsoft patches, Adobe also addressed 71 CVEs across its products.
Network SecurityGoogle deactivates AdSense for Russian websitesShaun NicholsAugust 12, 2024Google has cut off business ties with Russian websites by deactivating AdSense accounts effective in August.
Network SecurityFreeBSD releases new patch for regreSSHion-related RCE flawLaura FrenchAugust 12, 2024The OpenSSH vulnerability in the operating system could enable remote code execution with root privileges.
Data Security48 types of PII targeted in East Valley Institute of Technology breachSteve ZurierAugust 12, 2024Data of more than 208,000 students potentially impacted in January breach.
Black HatWindows Downdate attack totally undermines Windows security; fix not yet readyPaul WagenseilAugust 12, 2024A new attack method unveiled at Black Hat abuses Windows Update to roll back Windows 11 to known exploitable versions.
Critical Infrastructure SecurityTrump campaign said senior staffer hacked by Iran-backed APTTom Spring August 12, 2024Internal Trump campaign documents from hacker "Robert" leaked to Politico and other media outlets are intended to disrupt the 2024 U.S. elections.
Black HatAI trickery: Security cam hack turns crooks into dogsTom Spring August 9, 2024Researchers demonstrate how an AI-enabled security cam can be manipulated to ‘think’ a home intruder is the family dog.
Black Hat20-year-old hardware flaw found in AMD chipsShaun NicholsAugust 9, 2024Researchers from IOActive have presented a decades-old vulnerability in AMD processors at the Def Con security conference
Here’s why it’s important to take CISA’s ‘Secure by Design Pledge’ seriouslyNadir IzraelAugust 13, 2024