Python URL parsing function flaw can enable command executionSecurity Affairs
A severe vulnerability in the Python URL parsing function can be exploited to gain arbitrary file reads and command execution. Researchers warn of a high-severity…
Month: August 2023
Don’t Jump to Conclusions on Zero Trust Adoption
By John Linford, Forum Director, The Open Group Security Forum, and Open Trusted Technology Forum The Open Group Security & Open Trusted Technology (OTTF) Even…
API3:2023 Broken Object Property Level Authorization
Welcome to the 4th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners.…
Encryptionless Ransomware Attacks and Defense Strategies: An Interview with Zscaler’s Deepen Desai
In a recent interview with Deepen Desai, Global CISO and Head of Security Research at Zscaler, we discussed the evolving threat landscape and the company’s…
A New Attack Reveals Everything You Type With 95 Percent Accuracy
Of course, generative AI tools are the talk of the security industry this year. And Microsoft is no exception. In fact, since 2018, the company…
Zoom ZTP & AudioCodes Phones Flaws Uncovered, Exposing Users to Eavesdropping
Aug 12, 2023THNVulnerability / Privacy Multiple security vulnerabilities have been disclosed in AudioCodes desk phones and Zoom’s Zero Touch Provisioning (ZTP) that could be potentially…
Burp Suite 2023.9.1 Released – What’s New
Portswigger has released its latest version of Burp Suite 2023.9.1, which includes a lot of additional features and bug fixes that can be helpful for…
Black Hat USA 2023: Complete AI Briefings Roundup
The 26th annual BLACK HAT USA is taken place at the Mandalay Bay Convention Centre in Las Vegas from August 5 to August 10, 2023.…
Hackers Compromised ChatGPT Model with Indirect Prompt Injection
ChatGPT quickly gathered more than 100 million users just after its release, and the ongoing trend includes newer models like the advanced GPT-4 and several…
UK govt contractor MPD FM leaks employee passport dataSecurity Affairs
UK govt contractor MPD FM left an open instance that exposed employee passports, visas, and other sensitive data MPD FM, a facility management and security…
The Advancement And Perils Of Peer-to-Peer Payment Fraud
Online payments have undoubtedly revolutionized our lives, offering unparalleled convenience in sending money across borders and facilitating global commerce and connectivity. Among these payment innovations,…
Power Generator in South Africa hit with DroxiDat and Cobalt StrikeSecurity Affairs
Threat actors employed a new variant of the SystemBC malware, named DroxiDat, in attacks aimed at African critical infrastructure. Researchers from Kaspersky’s Global Research and Analysis…